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PREFACE 


Network 
General 


Preface 


About This Manual 


This manual describes the functions and operations of the token ring 
monitor, a software component of the Distributed Sniffer System™. It 
also gives recommendations on how to use the monitor effectively to 
detect network problems. 


The Distributed Sniffer System consists of two types of products: 
Sniffer® servers and SniffMaster™ consoles. Each server observes the 
local or wide-area network to which it is attached; the console controls 
the servers and displays the results of the servers’ activities. Some 
servers run the monitoring or analysis application alone, while others 
run both. 


Manuals for the Distributed Sniffer System 


Two types of manuals accompany the Distributed Sniffer System. The 
primary manuals, which include this manual, describe the system’s 
normal operations; the supplementary manuals describe the 
programs that configure and test the system’s various hardware and 
software components for troubleshooting. The actual manuals in your 
shipment depend on the system configuration. 


Figure i describes the primary manuals. 


For Information On... 


Installing and configuring the server. | Distributed Sniffer System: 
Installation and Operations 
Manual or Distributed 
Sniffer System: Server 
Installation Manual. 


Installing and configuring the console. | Distributed Sniffer System: 
Installation and Operations 


Controlling servers from the console. 
5 Manual. 


Starting and terminating the 
applications on the server. 


Operating the server's analysis 
functions on an Ethernet, token ring, or 
wide area network. 


Distributed Sniffer System: 
Analyzer Operations 
Manual. 


Figure 1. Primary manuals for the Distributed Sniffer System (continued). 
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For Information On... 


Operating the server’s monitor Distributed Sniffer System: 
functions on an Ethernet network. Ethernet Monitor Operations 
Manual. 


Using the monitor features effectively 
to detect network abnormalities. 


Operating the server's monitor 


Distributed Sniffer System: 
functions on a token ring network. 


Token Ring Monitor 
Operations Manual (this 
manual). 


Using the monitor features effectively 
to detect network abnormalities. 


Various network and protocol types. | Distributed Sniffer System: 
Network and Protocol 


Reference. 


Figure i. Primary manuals for the Distributed Sniffer System. 


Figure ii describes the supplementary manuals. 


For Information On... 


Running the adapter diagnostics to test | Token-Ring Network Guide 
the IBM 16/4 token ring adapter in the | to Operations. 
console. 


Running the diagnostics to test the NI5210 Installation Manual. 
InterLan NI5210 Ethernet controller in 
the console. 


Configuring and using the IBM® Local | Local Area Network Support 
Area Network (LAN) Support Program Version 1.2 User’s 
Program. Guide. 


Figure ii. Supplementary manuals for the Distributed Sniffer System. 


If the product shipment includes release notes or README files on 
disks, the information in the notes or files supersedes the information 
in this manual. 


Audience of This Manual 


The manual has been prepared with the following assumptions: 


* You are a token ring network manager or troubleshooter who 
understands how a token ring network operates. 


* You are familiar with DOS. 


* You have properly started the SniffMaster console. 
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Preface 


Organization of This Manual 


Figure iii describes the organization of this manual. 


Chapter 1, “Product 
Overview” 


Chapter 2, “Getting 
Started” 


Chapter 3, “Displaying 
Statistics” 


Chapter 4, “Managing 
the Station Data Files” 


Chapter 5, “Working 
with Alarms” 


Chapter 6, “Creating 
Reports” 


Provides an overview of the monitor and 
describes its capabilities. 


Describes the preparation required 
before you start a monitoring session. It 
also discusses the menu structure. 


Describes how to display various types 
of statistics gathered in the current 
monitoring session. 


Describes how to specify information 
about stations on the network, which 
affects the way the monitor observes the 
network and generates alarms. 


Describes different types of alarms. 


Describes the report scripts and gives 
procedures for generating, printing, and 
saving reports. 


Chapter 7, “Establishing | Provides recommendations on how to 


a Baseline for Your 
Network” 


use the monitor features to become 
familiar with normal network traffic 
patterns. 


Chapter 8, “The Monitor | Describes the files on the server that you 


Data Files” 


might need to modify or view when 
using the monitor. 


Chapter 9, “The Monitor | Explains in detail all the menu items and 


Menu Items” 
Appendix A, “Error and 
Warning Messages” 


Appendix B, “Report 
Fields” 


the terms used in the monitor’s screen 
displays. 


Lists all warning and error messages and 
describes recommended actions. 


Lists and describes the report fields that 


you can insert in a report script. 


Figure 111. Scope of each chapter or appendix in this manual. 
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Tutorial 


Technical Support 


containing a list of topics opens. If you are displaying a monitor 
statistics screen, pressing F1 gives you information on the current 
screen. 


NGC distributes a booklet with accompanying diskette entitled Real 
Networks. Real Problems. It presents case studies based on data 
captured with a Sniffer network analyzer from four different 
networks. The Sniffer analyzer and the server's analysis application 
have different capabilities, but the case studies allow you to see how 
investigation of a network problem proceeds. 


You can obtain the tutorial free of charge from any of the company’s 
sales representatives or directly from NGC. 


If you have problems with the Distributed Sniffer System, refer to 
Appendix A, “Troubleshooting Guide,” in the Distributed Sniffer 
System: Installation and Operations Manual for the procedure for 
contacting NGC’s technical support. 
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describes its capabilities. 
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before you start a monitoring session. It 
also discusses the menu structure. 


Describes how to display various types 
of statistics gathered in the current 
monitoring session. 
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about stations on the network, which 
affects the way the monitor observes the 
network and generates alarms. 
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Lists all warning and error messages and 
describes recommended actions. 


Lists and describes the report fields that 
you can insert in a report script. 


Figure iii. Scope of each chapter or appendix in this manual. 
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Navigational Aids Used in This Manual 


To help you find procedures easily, a separate list of procedures is 
provided in this manual in addition to the Table of Contents and List 
of Figures. Also, the “Recommendation” entries in the Index point 
you to suggestions for getting the most from your token ring monitor. 
On several occasions, this manual refers to publications from other 
vendors; the List of References lists the titles of these publications. 


This manual uses icons in the margin to help you locate important 
information as explained below: 


The paragraph next to this icon contains information that is especially 
important; you should be certain to read it carefully before you 
proceed. 


A warning gives you instructions that you must follow to avoid 
possible damage to data files, program files, or hardware devices. 


A cautionary paragraph provides information that you need to avoid 
injury to yourself or others. 


A recommendation describes a useful and valuable way of using the 
product. 


A procedure is a series of steps for accomplishing a particular task. 


Conventions Used in This Manual 


Special Notations 


The following describes the conventions used in this manual: 
Bold Menu options are in bold type. For example: 
Move to Display and press Enter. 


UPPERCASE The filenames and command names you type ata DOS 
prompt are in uppercase. For example: 


Modify the AUTOEXEC.BAT file if necessary. To 
duplicate the file, use the COPY command. 


Bolditalics Variables, for which you insert values, are in bold 
italics. For example: 


Type the number of minutes and seconds in the mmiss 
format. 


Screen font Screen messages are printed in monospaced font. For 
example: 
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Terminology 


If a monitoring session is in progress, the following 
message appears: 


You must stop monitoring before you can use this feature. 


Hexadecimal numbers mentioned in the manual are followed by 
“(hex)”; numbers without any notations are decimal. For example, 
“The maximum number of stations is 75. The default memory address 
is D8000 (hex).” 


The terms “SniffMaster console” and “Sniffer server” refer to the 
hardware units of the Distributed Sniffer System. The term 
“application” refers to a software component (that is, the monitoring 
or analysis program) running on the Sniffer server. 


This manual sometimes uses the abbreviated names for the various 
components of the Distributed Sniffer System. The terms “server” and 
“console” mean the Sniffer server and SniffMaster console, 
respectively. The term “monitor” stands for the token ring monitoring 
application, and the term “analyzer” stands for the token ring analysis 
application. 


Screen Displays and Keyboard Input 


All the keystrokes mentioned in this manual are entered from the 
SniffMaster console. Similarly, all the screen displays generated by 
the monitor appear on the console’s screen. 


The screen displays in this manual may not be exactly the same as 
what you see on your console screen. For example, you can choose to 
have the console show the server name on each monitor display, but 
the screens in this manual do not show the name. 


Other Sources of Information 


On-Line Help 


Network General Corporation (NGC) provides other sources of 
information that can help you get familiar with the Distributed Sniffer 
System. 


After highlighting an item in a console, analyzer, or monitor menu, 
you can see a phrase or sentence in a panel near the bottom of the 
screen. It explains the meaning of the highlighted item. 


If you want to obtain general information on a particular feature of the 
Distributed Sniffer System, press F1 at any time. A window 
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Tutorial 


Technical Support 


containing a list of topics opens. If you are displaying a monitor 
statistics screen, pressing F1 gives you information on the current 
screen. 


NGC distributes a booklet with accompanying diskette entitled Real 
Networks. Real Problems. It presents case studies based on data 
captured with a Sniffer network analyzer from four different 
networks. The Sniffer analyzer and the server's analysis application 
have different capabilities, but the case studies allow you to see how 
investigation of a network problem proceeds. 


You can obtain the tutorial free of charge from any of the company’s 
sales representatives or directly from NGC. 


If you have problems with the Distributed Sniffer System, refer to 
Appendix A, “Troubleshooting Guide,” in the Distributed Sniffer 
System: Installation and Operations Manual for the procedure for 
contacting NGC’s technical support. 
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Chapter 1. Product Overview 


Chapter Overview 


The token ring monitor is a network monitoring program that runs on 
a token ring Sniffer server. This chapter describes the monitor's 
features, typical application, and requirements. 


What the Monitor Can Do 


> 


The monitor provides an accurate picture of network activity at any 
moment or a historical record of network activity over a period of 
time. This information helps you find traffic overloads, plan for 
network expansion, detect intruders, establish performance baselines, 
and distribute traffic more efficiently between servers and subnets. 


The monitor’s report capabilities let you communicate this 
information to others, complete with graphs and tables. The alarm 
capabilities alert you to problems with the network or with individual 
stations before users call you to complain. 


The following list summarizes the capabilities of the monitor: 


* Monitors up to 1,024 network stations at data rates of up to 
3,000 frames per second 


* Generates visible and audible alarms for the entire network or 
for individual stations 


* Compiles a historical alarm log 


* Provides real-time traffic and historical information for 
individual stations as well as for the entire network 


* Sorts statistics to show only those items that interest you 
* Creates customized management reports. 


The monitor does not inform you if it is losing frames from the 
network. This happens when the traffic on the token ring exceeds 
approximately 3,000 frames per second. 


The monitor rounds up small percentages to 0.01%. Keep this in mind 
when you interpret percentages in statistical views or reports. 


Typical Application 


This section describes how the monitor is typically used to gather 
statistics on the network, which are reported to the console. For an 
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overview of how the console and the server communicate with each 
other, refer to the Distributed Sniffer System: Installation and Operations 
Manual. 


The monitor only monitors frames on the token ring network to which 
the Sniffer server’s Monitor Card is attached. Figure 1-1 shows how 
the monitor is typically used on a token ring network. 


Network Stations 


Ring 
Bridge 


The monitor on the server monitors Network A 


Token Ring Sniffer Server only, although it provides statistics related to 
traffic routed by the token ring bridge. 


Figure 1-1. A Sniffer server running the monitor on a token ring network. 


System Requirements 


The monitor can be used only on an IEEE 802.5-compatible network 
that operates at 4 Mb/s or 16 Mb/s. 


Each token ring Sniffer Server is loaded with either the NetBEUI or 
IPX protocol stack. The NetWare® features described in this manual 
apply only to a server with IPX. 


Ed If you are running the IBM® LAN Manager on the network, you must 
set its Trace Option to “All” in order for the monitor to monitor the 

network. This setting allows all adapters to trace frames. Without this 
setting, the LAN Manager will remove the monitor from the network. 
For further information on how to set the option, refer to IBM’s 
documentation on LAN Manager. (The LAN Manager described here 
is a program from IBM that manages a local area network; it is not the 
LAN Manager developed by Microsoft®, which is part of an 
operating system.) 
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General 


Chapter 2. Getting Started 


Chapter Overview 


You can modify the option settings presented in the monitor’s Main 
Menu to specify how the monitor operates. For example, you can 
determine: 


¢ How the monitor monitors the network 
¢ How the monitor collects statistics 
* How the monitor presents statistics. 


The monitor is shipped with default option settings that you can use 
to start a monitoring session. However, it may become necessary to 
customize these settings to suit the needs of your network. Familiarize 
yourself with these options so that you can interpret and use the 
statistics efficiently. 


This chapter describes the following: 


* Performing the minimum amount of configuration for a 
monitoring session. More information on how to further 
customize the monitor is given in the chapters that follow. 


* Interacting with the monitor. 


* Running the monitor in the background. 


Outline of the Getting-Started Procedure 


The following list outlines the steps for getting started with the 
monitor: 


1. Start the monitor application. 


2. Specify whether the monitor monitors all stations or a 
particular station. 


3. Specify the types of frames to be monitored. 


4. Specify the station for which history statistics are to be 
collected. 


5. Start a monitoring session. 


The following sections describe these tasks in detail. 
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Starting the Monitor 


Refer to the Distributed Sniffer System: Installation and Operations 
Manual for information on starting the monitor. 


When you start the monitor, the following happens: 


* The Sniffer server loads the monitor driver into memory, 
which is a memory-resident program for monitoring the 
network. 


* The Sniffer server loads the monitor application program into 
memory, which displays the Main Menu (Figure 2-1). On the 
Main Menu, you can start a monitoring session, configure 
option settings, and use other features of the monitor. 


lobal statistics 


Single station 
1 Network Transmit timer All stations 
General Station test Frame sizes 
Monitor filters 


History 


Token-Ring Sniffer 
Network Monitor arm Global history 
Report Station history 
Version 1.30 Manage stations 


Options Class 
(C) Copyright Exit 
1988 - 1991 Network usage 
Display traffic statistics. 


————se the arrow keys to move, or ENTER to do this function———— 


1 10 ‘New 
Help monitor} 


Figure 2-1. Main Menu. 


Interacting with the Monitor 


This section describes the notations used in the monitor menus, and 
how you select options and values. For specific tasks (for example, 
displaying statistics for a particular station), refer to the chapters that 
follow. (If your Sniffer server is equipped with the analyzer, notice 
that the monitor’s menu structure and user interface are consistent 
with those of the analyzer.) 
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Interacting with the Monitor 


The Menu Structure 


All functions of the monitor are accessible through the Main Menu, 
which is the center panel in Figure 2-1. When the Main Menu first 
appears, the Display option is highlighted. Options associated with 
the Display option are listed in the panel to the right. This 
organization is consistent throughout the monitor’s menu structure: 
options associated with any highlighted option in the center panel 
always appear to the right. 


In this manual, a list of options displayed in a panel is called a menu; 
the name of the menu is the highlighted option in the center panel. For 
example, in Figure 2-1, the highlighted option is Display, and the 
right panel is the Display menu. 


A back slash is used in this manual to specify the location of an option 
if more than one level of menu is involved. For example, to refer to the 
Numeric option associated with the Global statistics option in the 
Display menu, the manual uses this notation: the Numeric option in 
the Display \Global statistics menu. 


Moving Through the Menus 


You can move through the menu structure both vertically and 
horizontally. A highlight shows your current location. Move through 
the menus by: 


* Pressing the cursor keys: 


For example, when Display is highlighted, pressing Cursor Up 
deselects Display and highlights History. 


* Pressing the Page Up, Page Down, Home, and End keys: 


For example, if your current selection is Display, pressing Page 
Up or Home selects the first command, Transmit timer; 
pressing Page Down or End selects the last option in the list, 
Exit. 


* Typing the first letter of the command’s name: 


If two or more options start with the same letter, the monitor 
selects the one that immediately follows the current command. 
For example, if the command currently highlighted is Display, 
pressing M selects Manage stations; but if Station test is the 
current selection, pressing M selects Monitor filters. 


Options in the Main Menu 


In the Main Menu, a carriage return symbol (#) appears to the right 
of Transmit Timer, Display, and Exit. The symbol indicates that you 
can press Enter to trigger an action when the option is selected. That 
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is, if Display is highlighted, pressing Enter displays one type of 
statistic; if Exit is highlighted, pressing Enter leaves the Main Menu. 


Other commands in the center panel are not followed by carriage 
return symbols. They are for displaying options and specifying 
values. For example, when History is highlighted, pressing Enter 
does not trigger any action. Highlighting History displays the History 
menu, which shows the current settings that determine how the 
monitor accumulates history statistics. If necessary, use the cursor 
keys to move to the desired setting and modify the value. 


Choosing Menu Options and Defining Values 


After selecting an option that triggers an action, you can press Enter 
to execute it. If you select a menu item that does not generate an 
action, move to one of its options. 


Regardless of the type of option selected, if you highlight an option 
followed by a carriage return symbol and press Enter, one of the 
following happens: 


* Anaction is triggered. For example, if you move to Clear in the 
Report menu, the monitor removes the report script from 
memory. 


* A list of values or a dialog box appears. The value you specify 
in the list or dialog box affects how a future action works. For 
example, if you move to Stn in the History menu, a list of 
station addresses appears for you to select the desired station 
for which history statistics are to be gathered. Refer to the 
section, “Choosing Among Values,” for further information on 
how to assign a value to an option. 


The monitor “remembers” the values you assign even after you exit 
the program or turn off the server. The next time you start the 
monitor, the same settings appear on the menu. However, if the server 
is powered off while the monitor is running, it loses the new values 
that you assigned in the last session. 


Choosing Among Menu Options 


A list containing mutually exclusive options is identified by a vertical 
bar beside it. To select an item, move to it and press the Spacebar. If 
an item is selected, an arrowhead is moved next to it. For example, if 
Alarm log is selected, the symbol “|>” appears to its left, as shown in 
Figure 2-2. 
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Global statistics 

Single station 
Transmit timer All stations 
Station test Frame sizes 
Monitor filters Routing info 
History SAP protocol type 
Display Alarm log 
Alarm istory 
Report Station history 
Manage stations 
Options Class 
Exit 

Network usage 


Display, acknowledge, and clear alarms. 


<== Press space to select this optin=———=—=—— 


Le 18 New 
Help monitor} 


Figure 2-2. Alarm log option in the Display menu. 


Not all options are included in a list. For example, the Class option in 
the Display menu appears by itself. Selecting Class displays another 
menu, which lists mutually exclusive values (To, From, and Both) 
that determine the type of traffic to be displayed. To select the desired 
value, move to the value and press the Spacebar. 


Choosing Among Values 


For some options, you can assign values, and the assigned value is 
displayed after an equal sign. For example, one of the options in the 
Alarm menu is displayed as Auto clear = 01:00. It means that the value 
1 hour has been assigned to the Auto clear option. 


To assign a value, move to the option and press Enter. Then one of the 
following happens: 


* A dialog box appears, prompting you to type a value. 
Type a value within the permissible range and press Enter. 


* A list of values appears. Move to the desired value and press 
Enter. 


If you do not want to enter or select a value after the dialog box is 
opened, press Esc to close the box and return to the menu. 


Figure 2-3 is an example showing a station list from which you choose 
a station. 
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TATION LIST: 
Alex Zwick 
Anthony Serrao 
Barbara Lemmon 
Barney Ingram 
Bill Goodman 
David Brooks 
Denise Martin 
<! Stn = File Server # Ed Hicks 
All stations 
Frame sizes Numeric red Biddle 
Routing info Graphic George Stanley 
SAP protocol types! Helene Milici 
Alarm log <q Jack Clayton 
Global history James Wylie 
ore! Jill Franz 
Select a station for display. Ken Quinn 
Linus Stanwick 
————se the arrow keys to move, or ENTER to do this f] Mark Ellison 
Michael Harley 
Miles Russell 
Press ESC to exit: 


Figure 2-3. Station list. 


Toggling Values 


Some options can be toggled; that is, you can either select or deselect 
them. For example, if you select the All stations option in the Display 
menu, the option Active stns only, preceded by a V mark, appears in 
the right panel. This option determines the type of station to be 
included in the display, and the V mark indicates that it has been 
selected. 


To select an option, move to highlight it and then press the Spacebar. 
A V mark precedes a selected option. Pressing the Spacebar again 
deselects an item, displaying an x mark next to it. 


If you press Alt and the Spacebar simultaneously, the V and x marks 
are reversed for all items in the same menu. 


Figure 2-4 shows the configuration of the All stations option in the 
Display menu. 


ce 
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x Partner's name 
Global statistics # x Ring state 
Single station / Frames 
All stations d / Errors 
Frame sizes d Y Bytes 
Routing info < Y Average size 
SAP protocol types¢#!] Sort by Y Network usage 
Alarm log ¢d x First activity 
Global history #1 ¥ Active stns only x Last activity 
Station history J] x Inserted stns only | x Elapsed activity 


ore 
Display station activity in a tabular format. 


Press space to select this option: 


10 New 
monitor 


Figure 2-4. Configuration of the All stations option. 


Using the Function Keys 


When the monitor displays a menu or statistical display, you can use 
the function keys to manipulate the display or perform various 
monitor functions. 


From menus, you can use the following function keys: 


F1 (Help) displays the main Help menu. For further 
information on the Help menu, refer to the section, “Using On- 
Line Help” on page 2-10. 


F3 (Display) displays the statistics according to the options 
associated with Display. This key is applicable only after you 
start a monitoring session. 


F10 (New monitor/Stop monitor) starts or stops a monitoring 
session. This key toggles between the two functions. 


From views, you can use the following function keys to navigate 
between menus and options. Other function keys might be available, 
depending on the view being displayed. Those keys are described in 
the chapters corresponding to the views. 


F5 (Menus) returns you to the Main Menu. 


F6 (Display options/ Return) lets you display and edit options 
without returning to the Main Menu. This key toggles with 
“Return,” which returns you to the view. 
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Using On-Line Help 


In addition to using the function keys, you can press Esc to go back to 
the previous screen. 


The monitor provides an on-line help facility that displays 
information about the following topics: 


Moving around the menu tree 
Selecting menu options 

Using the function keys 
Testing the transmit wait time 
Running protocol-specific station tests 
Monitoring network traffic 
Setting monitor filters 
Specifying history information 
Displaying statistics 

Working with alarms 

Using the report writer 


Managing station information. 


To use on-line help: 


bs 


Press F1 (Help) to display the Help menu or relevant submenu. 
If you press F1 when one of the monitor views is displayed, a 
description of that view appears. 


In a Help menu, move to the topic for which you want 
additional information and press Enter. 


To scroll through explanatory text, press Cursor Up or Cursor 
Down. 


Press Esc to return to the Help menu. Press Esc again to return 
to the screen display before you used on-line help. 


Preparing for a Monitoring Session 


Preparing for a Monitoring Session 


Before starting a monitoring session from the Main Menu, decide on 
the following: 


* Which stations you wish to monitor (all stations or a single 
address) 


* Types of frames to be monitored (Logical Link Control frames, 
Medium Access Control frames, or both) 


* Station for which you wish to collect history statistics. 


= Monitoring only one station means that you restrict monitoring to the 
frames from or to a particular station. Remember that the statistics the 
monitor compiles are based on these frames only. For example, if you 
choose to monitor Station A and it has not been sending or receiving 
frames, the monitor shows no global statistics even though other 
stations are active during this monitoring session. The monitor has 
already filtered out traffic from or to other stations. 


If you restrict monitoring to a single station, familiarize yourself with 
how the monitor generates alarms by reading the section 
“Interpreting Alarms When Using Monitor Filters” on page 5-7. 


Be sure that the token ring network interface card in the Sniffer server 
is set to the same speed as the network that it monitors. A server 
entering the network at a different speed may cause the network to be 
inoperable. The speed of the server is displayed in the Options menu. 
For information on changing the speed setting on the network 
interface card, refer to the Distributed Sniffer System: Installation and 
Operation Manual. 


Specifying Which Stations to Monitor 


Monitoring all stations gives you the option of displaying statistics for 
any or all stations. If you have not started a monitoring session before, 
it is recommended that you monitor all stations. 


To specify which stations to monitor: 


1. You can specify the stations only when the monitor is not 
monitoring. Make sure that the key label for F10 is “New 
monitor.” The key label “Stop monitor” indicates that a 
monitoring session is in progress. To stop a session, press F10. 


Move to Monitor filters in the Main Menu. 


2. To monitor all stations, move to the All stations option and 
press the Spacebar. 


To monitor a particular station, move to the Stn option and 
press Enter to display the station list. Move to the station to be 
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monitored, and press Enter. The monitor observes only the 
frames to or from the specified station. 


The station list contains the same station names that are in the 
STARTUP.TRD file in the TRSNIFF directory, which is also 
used by the analyzer. Refer to “The Station List” on page 2-13 
for further information on how the monitor adds station 
addresses to the list as it monitors the network. 


The new setting takes effect in the next monitoring session. 


Specifying the Types of Frames to Be Monitored 


You can configure the monitor to monitor only the MAC frames, the 
LLC frames, or both. The MAC frames contain information on the 
network status, and are generated automatically by network interface 
cards on the token ring network. The LLC frames are data frames sent 
by the host computers on the network. 


To specify the types of frames to be monitored: 


1. Stop the monitor if a monitoring session is in progress. Move to 
Monitor filters in the Main Menu. 


2. Tomonitor both MAC and LLC frames, move to All frames. To 
monitor either type of frame, move to LLC frames or MAC 
frames. Press the Spacebar to choose the option. 


The new setting takes effect in the next monitoring session. 


Specifying History Options 


History statistics provide an overview of when the network was busy, 
at what time of the day stations generated errors, and so on. You can 
configure the monitor to collect history statistics for a specified 
address. 


Be sure that the station for which the statistics are collected is also a 
station that the monitor monitors. Suppose it monitors the traffic to 
and from ServerA only and you specify that history statistics be 
collected for ServerB. The monitor displays no station history 
statistics for ServerB. 


To select the station for which the monitor will collect history 
statistics: 

1. Move to the Stn option in the History menu. 

2. Press Enter to display the station list. 


3. Move to the station that you want to collect history statistics for 
and press Enter. 
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Using the Monitor with the IBM LAN Manager 


Using the Monitor with the IBM LAN Manager 


If you are running the IBM LAN Manager on the network, set its Trace 
Option to “All” before starting a monitoring session. This setting 
allows all adapters to trace frames. Without this setting, the LAN 
Manager will remove the monitor from the network. For further 
information on how to set the option, refer to ]BM’s documentation on 
LAN Manager. (The LAN Manager program described here is IBM’s 
software for managing a local area network, not the LAN Manager 
developed by Microsoft, which is part of an operating system.) 


Starting a Monitoring Session 


The Station List 


The monitor is ready to monitor the network after you configured it 
according to the instructions in the previous sections. 


To start a monitoring session: 


Press F10 (New monitor). The monitor displays these messages, one 
after the other: 


Resetting the network card. 
Entering the ring. 


It takes about 30 seconds for the monitor to enter the network. After a 
monitoring session starts, the key label on the screen for F10 changes 
to “Stop monitor.” 


You can examine the statistics gathered in a monitoring session in 
various ways. For example, you can display statistics, generate 
statistical reports, view the alarm log, and so on. The chapters that 
follow describe these tasks in detail. 


The monitor can automatically start a monitoring session every time 
it prints a report. This is controlled by the Restart monitor option in 
the Report \ Auto print menu. Refer to “Printing a Report 
Automatically” on page 6-19 for more information on restarting a 
monitoring session. 


When you first run the monitor, the station list contains the station 
names in STARTUP.TRD, a station data file that is also used by the 
analyzer if the analyzer software is available on the server. The station 
list remains in memory until you terminate the monitor. If you want 
to monitor or collect statistics for a particular station, choose the 
station from this station list. 


Once the monitor starts a monitoring session, it can detect unnamed 
stations on the network. If you set Monitor filters to All stations, it 
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detects any station that transmits frames on the network during the 
monitoring session. If the Stn option is selected instead of All 
stations, and Stn is set to an address, the monitor detects those 
stations that have sent frames to or received frames from the specified 
address. In either case, the monitor adds the detected station to the 
station list. 


For further information on naming stations and STARTUP.TRD, refer 
to Chapter 4, “Managing the Station Data Files.” The Distributed 
Sniffer System: Analyzer Operations Manual also describes the station 
data file. 


If a station you want to collect statistics for does not appear on the list 
after monitoring the network for a while, check to make sure that the 
station is powered on and sending frames. If the station’s address still 
does not appear in the station list, this may indicate a connectivity 
problem between the station and the network. 


Figure 2-5 illustrates how the monitor uses the station list. 


Adding unnamed addresses 
detected on the network 
during a monitoring session. 
Unnamed addresses remain 
oo in memory until the driver is 

Loadingto | | Saving ~ terminated. 

memory when | | addresses to the 

yourunthe | | disk after they 

monitor | | have beennamed 


IOMION 


STARTUP.TRD 


Disk 


Sniffer Server 


Figure 2-5. The monitor loads and modifies the station list. 
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Stopping a Monitoring Session 


Naming Stations 


ey 


You are not required to name all stations on the network before 
starting a monitoring session. However, it is recommended that you 
name the stations for these reasons: 


When the monitor detects a station on the network that has not 
been assigned a name, the monitor may generate an unknown 
station alarm. (The unknown station alarm is disabled by 
default; so this happens only if you have enabled it. For more 
information on controlling alarms, refer to Chapter 5, 
“Working with Alarms.” ) This alarm alerts you to intruders or 
to possible problems with network bridges or malfunctioning 
network interface cards. It is useful only if all the legitimate 
stations have been named. 


The unnamed station addresses are lost when you remove the 
monitor driver from memory or start a new monitoring 
session. 


The monitor loads the station names into the station list in 
memory when you start the monitoring application and adds 
unnamed stations to the list once it starts monitoring. But if 
more than 1,024 stations exist on the network, the monitor 
stops adding unnamed stations to the list. Any station not in 
the station list cannot be monitored. 


For further information on naming stations, refer to Chapter 4, 
“Managing the Station Data Files.” 


Stopping a Monitoring Session 


When you stop a monitoring session, the driver stops monitoring, but 
remains in RAM. 


To stop a monitoring session: 


io 


Press F10 (Stop monitor). The following message appears: 


The Sniffer Network Monitor will stop monitoring if you proceed. Press 
ENTER to proceed. Press ESC to cancel. 


Press Enter. The following things happen: 
* The label of F10 on the screen changes to “New monitor.” 


* Ifyou display a statistics view, the clock in the upper right 
corner shows “ENDED,” followed by the time at which you 
pressed F10. 


* The statistics gathered during the monitoring session that 
you just terminated are still available for display. They are 
lost, however, once you start another monitoring session. 
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To save the statistics, generate reports according to the 
instructions in Chapter 6, “Creating Reports.” 


Monitoring in the Background 


You can run the monitor in the background, without displaying the 
Main Menu or any statistical view. This allows you to transfer files 
between the Sniffer server and the SniffMaster console while you are 
monitoring the network. 


However, monitoring in the background has these limitations: 


You cannot display statistics. 


When you stop the monitoring session, the monitor loses the 
statistics collected. 


You cannot save history statistics and reports to the disk. 


When the monitor generates an alarm, it does not send the 
alarm to the console. (For more information on alarms, refer to 
Chapter 5, “Working with Alarms.”) 


To monitor the network in the background: 


Ai 


2. 


Start the monitor and initiate a monitoring session as you 
normally would, following the instructions provided earlier in 
this chapter. 


Move to Exit on the monitor’s Main Menu and press Enter. 


The Main Selection Menu appears. The driver in the server's 
memory continues to monitor network traffic, but you can now 
perform other tasks on the server. For example, you can 
transfer a particular report from the server to the console. 


You might want to bring the monitor back to the foreground after a 
period of background monitoring, for example, to display statistics or 
alarms. 


To bring the monitor to the foreground: 


Le 


At the DOS prompt, type MENU and press Enter. The server's 
Main Selection Menu appears. 


Select Token-Ring Monitor and press Enter. The Monitor 
Services Menu appears. 


Select Run the User Interface and press Enter. The monitor’s 
Initialization screen appears. 
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Monitoring in the Background 


4. Press any key to display the monitor’s Main Menu. The key 
label for F10 on the screen is “Stop monitor,” which indicates 
that the monitoring session is in progress. 

To stop a background monitoring session: 
1. Bring the monitor to the foreground. 
2. On the monitor’s Main Menu, press F10 (Stop monitor). 


Alternatively, you can stop a background monitoring session and 
remove the driver at the same time. This procedure is described in the 
section, “Removing the Driver from Memory.” 


Removing the Driver from Memory 


The monitor’s driver program is loaded into the server’s memory 
when you start the monitor. If both the monitor and analyzer are 
installed on the server, you must first remove the driver from memory 
before starting the analysis function. 


To remove the driver from memory: 
1. Display the server’s Main Selection Menu. 


2. Select Token-Ring Monitor and press Enter. The Monitor 
Services Menu appears. 


3. Select Shutdown the Background Processes and press Enter. 
The following messages appear: 


The monitor process is about to be shut down. 


If you do not want to shut down the monitor at this 
time, answer 'n' at the prompt and hit the enter key. 


Do you wish to shut down the monitor? Cy/n] 
4. Type Y and press Enter. These messages appear: 


Shutting down the monitor ... 
TRMONDRV removed from memory 


The Main Selection Menu is displayed. 


Removing the driver from memory terminates the monitoring session 
and erases from memory all statistics that the monitor has gathered. 
To save the statistics, you can print out or save a report to disk. For 
further information on report writing, refer to Chapter 6, “Creating 
Reports.” 
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Chapter 3. Displaying Statistics 


Chapter Overview 


This chapter describes how to display the statistics the monitor 
gathers during a monitoring session. You can choose what you see 
and how you see it. 


The following are examples of what you can display: 
* Traffic statistics for the entire network (global statistics) 
* Traffic statistics for a single station 
* Traffic statistics for every station on the network. 
The monitor sorts all these statistics according to your specifications. 


This chapter describes the general display options and discusses the 
display for each type of statistic. For various types of information in 
each view, refer to Chapter 9, “The Monitor Menu Items.” 


Display Options 


A number of options are available for customizing statistical views. 
This section describes only the ones that apply to more than one type 
of statistic. More specific options (for example, Route path and Route 
length, which apply only to Routing info) are discussed in the 
sections that follow. 


The following is a list of general options that determine a statistical 
view’s contents and format: 


* Type of statistic to display (for example, Global statistics or 
Alarm log). 


* Format of the display (that is, whether statistics are displayed 
numerically or graphically). This applies to some types of 
statistics only. 


* Class of traffic (that is, traffic to or from the station, or both). 
* Network usage (that is, relative or absolute). 


After you start monitoring, pressing F3 (Display) displays the 
statistics according to the options you specified. 
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Numeric vs. Graphic Display 


You can configure the monitor to provide either a numeric or graphic 
display for the following types of statistics: 


* Global statistics 
* Single station 

* All stations 

* Global history 

* Station history. 


The numeric display consists of columns of numbers; the graphic 
display presents values in a histogram for a visual summary of 
network usage. 


For each graphic view, you can scale the usage axis using these 
methods: 


* Pressing F7 or Cursor Up scales up the axis, which makes the 
bars in the graph longer to show a greater level of detail. 


* Pressing F8 or Cursor Down scales down the axis, which makes 
the bars in the graph shorter. 


If a bar is longer than the axis, the monitor displays a triangle at the 
upper end of the bar. 


Class Option: To, From, or Both 
The Class option applies to the following types of statistics: 
* Single station (for the graphic display only) 
* All stations 
* Station history. 


For each station, the Class option determines whether statistics are 
displayed for received frames (To), transmitted frames (From), or 
both (Both). 


Network Usage Option: Absolute vs. Relative 
The Network usage option applies to the following types of statistics: 
* Single station 
* All stations 


* Station history. 


= 


Freezing the Screen Display 


The Network usage option can be set to one of the following: 


Absolute Statistics are measured as a portion of the total 
network capacity, which remains constant. For 
example, if all stations together use 10% of the total 
capacity, absolute usage is 10%. 


Relative Statistics are measured as a portion of the total traffic. 
For example, if one station accounts for all the traffic 
on the network, its relative usage is 100%; if four 
stations generate traffic in equal amounts, relative 
usage for each is 25%. 


It is possible that a station accounts for a high percentage of relative 
network usage but a low percentage of absolute network usage. For 
example, if there are only two active stations on the network, which 
generate about the same amount of traffic, their relative usage is 
approximately 50% each. But if these stations rarely generate traffic, 
their absolute network usage can be as low as 1%. In this case, about 
99% of the network capacity is unused. 


Only absolute network usage is displayed in global statistics views. 
The Relative option does not take effect, for example, when you 
display global statistics or global history. 


The value of network usage is rounded up to two decimals if it is less 
than 0.01%. For example, the absolute network usage is 0.01% for a 
station that received and transmitted a total of two frames, although 
these frames did not use as much as 0.01% of the network capacity. 


= If you choose the Both option in the Display \Class menu, the relative 
network usage percentage can add up to 200% because the monitor 
counts each frame twice: once for the source address and once for the 
destination address. 


Freezing the Screen Display 


When a statistical view is displayed during a monitoring session, 
pressing F9 (Freeze display) temporarily stops updates to the screen 
to make it easier to study specific statistics. The clock in the upper- 
right corner is stopped as well. In the background, however, the 
server continues collecting statistics, logging alarms, and generating 
reports (if these functions have been enabled). To redisplay the 
current statistics, press F9 again. 
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Scrolling the Screen Display 


If there are more stations than a screen can contain in a view, use F3 
(Prev station) or F4 (Next station) to view the previous or next station. 
In a numeric view, Cursor Up and Cursor Down perform the same 
function as F3 and F4, respectively. 


Displaying Global Statistics 


To look at the first screen of information, press Home; to look at the 
last screen, press End. 


The Global Statistics view displays traffic statistics for the entire 
network as they are updated, either in numeric or graphic format. 


Figure 3-1 is an example of the numeric Global Statistics view. The 
numeric view presents three categories of statistics: 


Traffic counts 


Error counts 


Timestamps 


Counts on the left show the amount of 
cumulative activity since the beginning of the 
monitoring session. Counts on the right show 
activity during the last second. 


The Error Counts column indicates the overall 
condition of the network, the number of 
oversized frames, the number of ring purges, and 
the number of soft error report frames. For 
further information on error counts, refer to 
Chapter 9, “The Monitor Menu Items.” 


To check which stations report most of the soft 
error frames, select the All stations option in the 
Display menu once you return to the Main Menu. 


The timestamps include the time when 
monitoring started and the time when the first 
and last network activities took place. The 
monitor also shows the duration of a monitoring 
session. 
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Displaying Global Statistics 


LOBAL STATISTICS@——_____________Oct, 2 ee 
Traffic Counts 


Maximum Inserted Stns Current Inserted Stns 


Total Stations 26 Active Stations 19 
Average Usage 4.38 % Current Usage 7.43 % 
Total Frames 1,523 Current Frames 255 
Total Bytes 328 645 Current Bytes 37,170 


Avg Frame Size 218 Avg Frame Size 


Error Counts 


Timestamps 


Ring State Monitor Started Oct 82 17:04:44 


Monitor Active @ day(s) 00:00:15 


Operating Normally 


Oversized Frames g 
Ring Purges ) First Activity Oct 62 17:04:45 
Soft Error Reports 2 Last Activity Oct 02 17:04:59 


Network Active day(s) 00:20:14 


D 6Disply 9Freeze—iO Stop 
Menus foption idisplaufimonitor] 


Figure 3-1. Global statistics (numeric view). 


Figure 3-2 is an example of the Global Statistics view in graphic 
format. As in the numeric view, the top portion of the graphic view 
shows traffic counts, both cumulative and for the last second. The 
bottom portion shows absolute network usage plotted as a graph and 
updated at one-second intervals. 


LOBAL STATIST]CS——AAADPDAAAAA__________Oct., 82 17:06:52 
Traffic Counts 

Maximum Inserted Stns Current Inserted Stns 

Total Stations Active Stations 

Average Usage Current Usage 

Total Frames Current Frames 

Total Bytes 5, 888, 297 Current Bytes 

Avg Frame Size 262 Avg Frame Size 


40 30 
Seconds 


D 6Displyfi7 Scalefi8 Scale—9Freeze—fi@ Stop 
Menus fifoption up down fidisplayf—imonitor 


Figure 3-2. Global statistics (graphic view). 
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KX To display global statistics: 
KOA 1. Move to the Global statistics option in the Display menu and 
press the Spacebar. 


2. Move tothe Numeric or Graphic option in the Display \ Global 
statistics menu and press the Spacebar. 


3. Press F3 (Display) to display the statistics. 


Displaying Station Statistics 


The Single Station view displays traffic statistics to and from specific 
stations as they are updated, either in numeric or graphic format. 


In the numeric view, there are three columns: 


* The top-left column identifies the station to which these 
statistics apply, as well as the station’s two most recent 
partners. 


* The top-right column shows combined transmission and 
reception activity. The current usage percentage represents the 
usage during the past second; other statistics are cumulative 
since the beginning of the monitoring session. 


* The lower-left portion shows transmission activity, and the 
lower-right portion shows reception activity. These portions 
show the same types of statistics, except that the lower-left 
portion includes the number of errors reported by the station. 
This error count is not included in the lower-right portion 
because soft error reports are not sent to individual stations. 


Figure 3-3 displays traffic to and from a single station. 


fa 


Displaying Station Statistics 


ABSOLUTE TRAFFIC STATISTICS-SINGLE STATION-——————————ctt. #2. 17:22:57. 

Traffic TO and FROM Station 

Station: File Server Current Usage 

Status: Monitor Average Usage 

Total Frames 

Last sent to: Alex Zwick Total Errors 
Last rev from: Ken Quinn Total Bytes 35,697,892 
Avg Frame Size 274 


Traffic FROM Station Traffic TO Station 


Current Usage 1.98 % Current Usage 3.28 % 
Average Usage 1.58 % Average Usage 5.82 % 
Total Frames 64,485 Total Frames 65,622 
Total Errors 24 

Total Bytes 8,258,712 Total Bytes 27,447, 188 

Avg Frame Size 128 Avg Frame Size 418 
Start Time Oct 82 17:84:45 Start Time Oct 82 17:04:45 

End Time Oct 2 17:22:57 End Time Oct @2 17:22:57 
Elapsed @ day(s) 00:18:12 Elapsed @ day(s) 00:18:12 


Pp. _. geDasply PFreezeql® Stop 
Menus fMopt ions} displaufimonitor 


Figure 3-3. Traffic statistics for a single station (numeric view). 


Transmission statistics are based on frames sent from the specified 
station; reception statistics are based on frames sent to the specified 
station. To illustrate this distinction, display the station statistics for 
the broadcast address. Since the broadcast address is only used as a 
destination address, you only see traffic in the “Traffic TO Station” 
category. 


In the graphic view, the top portion displays either receptions, 
transmissions, or both, depending on whether you selected To, From, 
or Both with the Class option. The bottom portion shows either 
absolute or relative network usage plotted as a graph and updated at 
one-second intervals. The bars in the graph also indicate the class of 
statistics. For example, on a color monitor, the yellow portion of the 
bar represents receptions, and the blue portion represents 
transmissions. Figure 3-4 shows a graphic view of statistics for a 
single station. 
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ABSOLUTE TRAFFIC STATISTICS-SINGLE STATIONN-————————cct. 2 17:31:24 
Traffic TO and FROM Station 


Station: File Server Current Usage 27.61 % 
Status: Monitor Average Usage 6.58 % 
Total Frames 195 , 386 
Last sent to: Jill Franz Total Errors 33 
Last rcv from: Barney Ingram Total Bytes 


52,647,364 
269 


Avg Frame Size 


9 6Disply—i/ Scale—i8 Scale—i9Freezegl@ Stop 
Menus foptions™ up down fidisplaufimonitor| 


Figure 3-4. Traffic statistics for a single station (graphic view). 


LON To display station statistics: 

RING) play 

N74 1. Move to the Single station option in the Display menu and 
press the Spacebar. 


2. Move to the Stn option in the Display \Single station menu and 
press Enter to display the station list. Move to the station you 
want to display statistics for and press Enter. 


3. Define how statistics are displayed. 


a. Move to the Numeric or Graphic option and press the 
Spacebar. 


b. To display the Class and Network usage options, press 
Cursor Left to move back to the Display menu. 


c. Press Page Down to move to Network usage. Then move to 
Absolute or Relative in the Display \ Network usage menu, 
depending on whether you want to show statistics as a 
portion of total network capacity or current traffic. Press the 
Spacebar to select the option. 


d. If you select the Graphic option, you can also define the 
Class options. Move to To, From, or Both in the 
Display \Class menu, depending on whether you want to 
display statistics for receptions, transmissions, or both. 
Press the Spacebar. 


4. Press F3 (Display) to display the statistics. 
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Displaying Sorted Statistics for All Stations 


Displaying Sorted Statistics for All Stations 


Sorting Statistics 


The statistical view for all stations contains various types of statistics 
for each station. You can customize the display by specifying the 
following on the Main Menu: 


* How the statistics are sorted 


* Whether the statistics are displayed in ascending or 
descending order 


* What statistics are displayed in the view 


* Whether the display is in numeric or graphic format. 


Figure 3-5 shows a numeric example of sorted statistics that include 
the station, the number of frames, errors, bytes, average frame size, 
and the percentage of absolute network usage. These statistics are 
sorted in descending order by the number of bytes. 


ABSOLUTE TRAFFIC STATISTICS TO AND FROM STATIONSN-———————Octt. 82 17:42:17 


Station Frames Errs Bytes Size %Usage 
1 File Server 276, 009 58 73,432,466 266 6.54 
2 Print Server 191,194 56 45,529,139 238 4.63 
3 Denise Martin 19,588 ] 18,011,113 919 1,59 
4 Mark Ellison 19, 881 4 15,513,678 783 1.37 
5 Ed Hicks 19,389 2 15,013,438 774 1.33 
6 Linus Stanwick 19, 286 3: 14,282,561 743 1.26 
7 Steven Anderson 19,264 15) 9,802,593 528 9.87 
8 William Griffith 19,582 8 6,804,908 347 8.60 
9 Tom Brown 19,623 1] 6,011,525 326 9.53 
18 Michael Harley 19,829 3 4,914,731 248 8.43 
11 Miles Russell 19,575 9 2,748,389 140 8.24 
12 Barbara Lemmon 19,565 9 2,707,797 138 8.24 
13 Bill Goodman 19,619 ) 2,929,836 128  §.22 
14 Barney Ingram 28,825 8 2,220,957 118 9.19 
15 Ken Quinn 19,201 2 2,228,098 115 6.19 
16 Alex Zwick 19,715 1 1,982,862 100 6.17 M 
17 Helene Milici 19,558 6 1,947,276 99 8.17 o 
18 George Stanley 19,981 6 1,796,588 98 15 r 
19 Jill Franz 28, 066 2 1,725,088 8 .15 e 
Robert Hayes 19,695 2 1,441,699 73 6.12 4 
3 Prevd Next—id 6Disply SFreeze—i® Stop 
stationfistationf§ Menus [options displayfimonitor 


Figure 3-5. Traffic statistics for all stations (numeric view). 


The monitor can sort statistics in a variety of ways. This is useful for 
comparing stations or for finding stations that match certain criteria. 
The following is a list of sort keys for both numeric and graphic 
displays: 


Name Name of the station. If a station is not named, the 
address is used. 
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Partner’s name 


Ring order 


Frames 


Errors 


Bytes 


Average size 


Network usage 
First activity 


Last activity 


Elapsed activity 


Last station that communicated with the station. 


Order in which the stations are located on the 
token ring network. 


Total number of frames transmitted or received, 
or both transmitted and received during a 
monitoring session. 


Total number of soft error report frames 
transmitted. (If the setting of the Class option is 
To, you are not allowed to sort by errors.) 


Total number of bytes transmitted, received, or 
both. 


Average size of frames transmitted, received, or 
both. 


Percentage of network usage. 
Time when the first frame was sent or received. 


Time when the most recent frame was sent or 
received. 


Time between the first and last activity. 


Types of Statistics Included in the View 


The Display \ All stations menu includes two options that limit the 
displayed statistics to particular stations, whether you select the 
numeric or graphic format: 


Active stns only 


Inserted stns only 


Stations that have sent or received frames on the 
network since the monitoring session started. 


Stations whose station status is active monitor, 
standby monitor, or snooper. (For further 
information on station status, refer to the section 
“ All Stations Statistics in Numeric Format” on 
page 9-18.) 


If both options are selected, a station, to be included in the view, must 
be an inserted station that has sent or received frames; if neither 
option is selected, all stations are included. 


If you select the numeric format, you can also select the types of 
statistics to be included in the display. The following list contains the 
statistic types. Most of the items in the list are the same as the sort 
keys. Refer to the section “Sorting Statistics” for information on those 


statistic types. 


Displaying Sorted Statistics for All Stations 


e Partner's name 


* Station status (For further information on station status, refer 
to the section “ All Stations Statistics in Numeric Format” on 


page 9-18.) 
* Frames 
* Errors 
* Bytes 


* Average size 

* Network usage 
* First activity 

* Last activity 

* Elapsed activity. 


7 If you select more options than can fit in the statistical view, use 
Cursor Left or Cursor Right to scroll hidden portions of the screen into 
view. Pressing Control and a cursor key moves you to the far right or 
left of any screen. 


Numeric vs. Graphic Display 


The numeric display can include various types of statistics according 
to your specification. Refer to “Types of Statistics Included in the 
View” on page 3-12 for more information. 


The graphic display shows the network usage of up to 10 stations at a 
time. The percentages are represented both graphically and 
numerically. To see more than the 10 stations, press Cursor Right or 
Cursor Left. 


The graphic display also indicates the class of traffic from which the 
statistics are derived. Specify the value of the Class option (To, From, 
or Both) in the Display \Class menu. 


Figure 3-6, for example, shows the stations with the highest amount 
of relative network usage for both transmissions and receptions. The 
statistics below the graph are derived from the transmission and 
reception counts, while the graph shows all three classes (To, From, 
and Both) for each of the listed stations. 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


RELATIVE TRAFFIC STATISTICS TO AND FROM STATIONS————————Oct 82 18:£2:3 
16 pAAAAAA—AA—AA— Add —Ad—— Add — AMAA 


4 5 6 
Legend: To FROM BOTH 


File Server 6 Linus Stanwick 
Print Server : 7 Steven Anderson 
Denise Martin ! 8 William Griffith 
Mark Ellison 9 Tom Brown 

Ed Hicks ® Michael Harley 


re 
i 3 Prev§4 Next—S = (MoDisplugl7 Scalei8 Scale§i9Freezeff1@ Stop 
“Help stationfistationl Menus ffoptions™ up down fidisplaufimonitor 


Figure 3-6. Traffic statistics for all stations (graphic view). 


Procedure for Displaying Statistics for All Stations 


f KN To display and sort selected statistics: 
LY 1. Move to All stations in the Display menu and press the 
Spacebar. 


2. Follow these steps to define the type of traffic and network 
usage: 


Press C to move to the Class option. 


b. Move to To, From, or Both in the Display \Class menu. 
Press the Spacebar to select one of the options. 


c. Move to the Display \Network usage menu; press the 
Spacebar to select either Absolute or Relative. 


3. To specify the format of the display, move to the Numeric or 
Graphic option in the Display \ All stations menu and press the 
Spacebar. 


4. Ifyou select Numeric, a list appears in the right panel, which 
allows you to select the types of statistics to be included in the 
view. Move to any options in the list and press the Spacebar to 
select the options. 


at 


Displaying Frame Sizes 


5. To specify how the statistics are sorted, move to Sort by in the 
Display \ All stations menu. Two lists of options appear to its 
right. 


a. Move to the Ascending or Descending option in the first 
list and press the Spacebar. 


b. Move to the sort key displayed in the second list and press 
the Spacebar. 


For example, if you select Frames, the monitor sorts all 
stations by the number of frames and displays them from 
highest to lowest or vice versa, depending on whether you 
chose the Descending or Ascending option. 


6. To specify the types of stations to be included in the view, 
move to the Display \ All stations menu. 


If you want the view to include only the stations that have sent 
or received traffic, select Active stns only. 


If you want the view to include only the inserted stations, select 
Inserted stn only. 


7. Press F3 (Display) to display the sorted statistics you specified. 
If there are too many options to fit on the screen in the numeric 
view, use Cursor Right or Cursor Left to scroll them into view. 


To display stations either higher or lower in the sort order, 
press F3 (Prev station) or F4 (Next station). 


Displaying Frame Sizes 


This view shows how many frames fall into each of the predefined 
size categories and what percentage of frames each size category 
comprises. The graph illustrates these numbers for a visual summary. 
This information is useful for determining how to configure your 
network's data buffers. Figure 3-7 is an example of the Frame Sizes 
view on a 4-Mb/s network. 
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Size Frames Percent 9 28 48 62 80 120 
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Figure 3-7. Frame sizes view. 


IO To display frame sizes: 
1. Move to Frame sizes in the Display menu and press the 
Spacebar. 


2. Press F3 (Display) to display the frame size distribution. 


Displaying Routing Information 


The monitor provides two views that contain routing information. 
The Routing Paths view shows the amount of traffic routed to and 
from the local ring. The Routing Lengths view breaks down the 
number of routed frames by the length of the route, which is equal to 
the number of token ring bridges a frame has traversed. 


Figure 3-8 and Figure 3-9 are examples of the Routing Paths view and 
Routing Lengths view at a given time. 


Displaying Routing Information 


ROUTING PATHS ——————_—_______—__ENDED: Oct 38 15:25:2. 
Routed frames: 4,756 22.52% 
Non-Routed frames: 16,359 77.47% 


Frames to remote rings 
Local ring 2,158 Remote rings 


Frames on 18.18% Frames passing 
this local ring through local ring 


16,359 Frames from remote rings 553 
77.47% 1,929 2.61% 


- To broadcast destinations 
- To group/functional destinations 
- To non-transmitting stations 
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Figure 3-9. Routing Lengths view. 
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To display routing information: 


1. Move to Routing info in the Display menu and press the 
Spacebar. 


2. Move to Route path or Route length in the Display \ Routing 
info menu and press the Spacebar. 


3. Press F3 (Display) to display the routing information. 


Displaying SAP Protocol Types 


This view displays the number and percentage of either bytes or 
frames for each SAP (Service Access Point) protocol type. The view 
also illustrates these numbers in a bar graph. A Service Access Point 
is a logical point where protocol layers exchange services. For further 
information on SAP, refer to Token-Ring Network, Architecture 
Reference. 


Figure 3-10 is an example of the Protocol Types (SAPs) view that 
shows the distribution of bytes by protocol type. 


PROTOCOL TYPES (SAPS) 
SAP Bytes 


3,646,953 
2,816, 468 
8,411,349 

271,418 
9,981,558 
aes 


133,866 
251,949 
113,882 
63,231 
1,860,648 
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Figure 3-10. Protocol Types (SAPs) view. 


If you want breakdowns for protocol types other than those shown, 
use the DOS command, EDLIN, to add protocols to STARTUP.TRT. 
The file contains up to 32 entries; the maximum number of SAP labels 
is 16. 


Displaying the Alarm Log 


JX To display the SAP protocol type distribution: 
SY 1. Move to SAP protocol types in the Display menu and press the 


Spacebar. 
2. Move to the Bytes or Frames option and press the Spacebar. 


3. Press F3 (Display) to display the Protocol Types (SAPs) view. 


Displaying the Alarm Log 


The Alarm Log view shows the alarms in the server's alarm buffer. 
Figure 3-11 is an example of the Alarm Log view. 


ALARM, LOGAApAppP$P$aaa aa _§_—__ ct 26 16:35:42 
Ack 


Critical 


Warning 
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Warning 
Major 
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Warning 
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16:20:17 
16:23:16 
16:23:34 
16:24:24 
16:24:30 
16:29:50 
16:31:16 


Source 
Global Network 
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Barbara Lemmon 
George Stanley 
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Robert Hayes 
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Alex Zwick 
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James Wylie 
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Figure 3-11. Alarm Log view. 


Type/Description 

Abs usage exceeded ea 

Rel usage exceeded 

Rel usage exceeded ik 

Rel usage exceeded 5% 

5 or more error reports 

5 or more error reports 

25 or more error reports 

5 or more error reports 

5 or more error reports 

5 or more error reports 

25 or more error reports 
error reports 
error reports 
error reports 
error reports 
error reports 
error reports 
error reports 


10 Stop 
monitor} 


When the Alarm Log view is displayed, you can do the following: 


* Use Cursor Up or Cursor Down to highlight any alarm. Then 
acknowledge the highlighted alarm by pressing F3 (Ack 
alarm), which puts a V mark in the right column. 


* Clear the alarm by pressing F4 (Clear alarm), which deletes it 
from the alarm buffer. (For a complete discussion of alarms and 
the alarm buffer, see Chapter 5, “Working with Alarms.”) 
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To display the alarm log: 


1. Move to Alarm log in the Display menu and press the 
Spacebar. 


2. Press F3 (Display). The Alarm Log view appears. 


Displaying Global History Statistics 


The statistics in this view show the amount of network activity and 
number of soft error report frames during each history interval. (You 
can specify the length of the history interval; refer to the section 
“History” on page 9-5 for further information on the History option.) 
The monitor can collect history statistics for up to 1,024 history 
intervals. History statistics are particularly useful for troubleshooting 
and network maintenance tasks, such as determining periods of low 
activity to schedule downtime. 


History statistics are erased from memory when you start a new 
monitoring session or when you change the history interval during a 
monitoring session. 


The numeric view (Figure 3-12) shows the following types of 
information for each interval: 


* Interval number 

* Timestamp 

* Number of frames, errors, and bytes 
* Average frame size 


* Percentage of absolute network usage. 
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Displaying Global History Statistics 


21 Oct 26 16:36:43 : 4,533, 429 
20 16:34:43 , 7,229,993 
16:32:43 ; 5,747,665 
16:30:43 : 5,748,709 
16:28:43 ' 6,687,986 
16:26:43 i 6,382,822 
16:24:43 ; 6,407,811 
16:22:43 ; 6,571,694 
16:28:43 : 6,205,828 
16:18:43 ; 6,148,575 
16:16:43 ; 6,781, 864 
16:14:43 , 6,715,119 
16:12:43 . 6,152,979 
16:18:43 ; 6,511,299 
16:88:43 ; 5,513,472 
16:86:43 : 6,595, 404 
16:84:43 y 6,895,834 
16:62:43 ; 5,471,446 
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Figure 3-12. Global history statistics (numeric view). 


The graphic view (Figure 3-13) shows the following types of 
information: 


¢ Interval number 
* Timestamp 


* Percentage of absolute network usage in numeric and graphic 
formats. 
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Oct 26 16:36:43 
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16:32:43 
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Figure 3-13. Global history statistics (graphic view). 


KD To display global history statistics: 


L455 
S74 1. Move to Global history in the Display menu and press the 


Spacebar. 


2. Move tothe Numeric or Graphic option in the Display \ Global 
history menu and press the Spacebar. 


3. Press F3 (Display) to display the history statistics. 


Press F3 (View earlier) or F4 (View later) to view intervals recorded 
earlier or later. 


Displaying Station History Statistics 


The monitor collects and displays history statistics for the station you 
specified with the Stn option in the History menu. 


Although the numeric and graphic Station History views include the 
same types of information as the Global History views, you can 
customize the Station History views further to show whether: 


* History statistics include transmissions, receptions, or both 
* Network usage shown is absolute or relative. 


—_ You can collect station history statistics for only one station at a time. 
Also, history statistics are erased when you start a new monitoring 
session or if you change the history interval during a monitoring 


— 


Displaying Station History Statistics 


session. If you need to save them, generate a report or save them to 
disk. (Refer to “Generating a Report” on page 6-17 for information on 
creating reports; refer to “History” on page 9-5 for information on 
saving history statistics to disk.) 


Figure 3-14 and Figure 3-15 illustrates the history statistics for the 
station “File Server” in numeric and graphic formats, respectively. 
They both show the station’s transmission and reception traffic 
compared to the network capacity (that is, absolute network usage). 


ABSOLUTE HISTORY STATISTICS TO AND FROM File Server————ct. 26 16:39:86 
Time Frames Errs Bytes Size xUsage 


Oct 26 16:38:43 3,825 
16:36:43 16,513 
16:34:43 16,919 
16:32:43 14,263 
16:38:43 13,286 
16:28:43 14,555 
16:26:43 14,674 
16:24:43 15,689 
16:22:43 14,594 
16:28:43 14,588 
16:18:43 14,238 
16:16:43 15,392 
16:14:43 15,524 
16:12:43 15,719 
16:18:43 15,254 
16:88: 43 13,172 
16:86: 43 15,284 
16:84:43 14,325 
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Figure 3-14. History statistics for “File Server” (numeric view). 
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Figure 3-15. History statistics for “File Server” (graphic view). 
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KAS To display the station history: 


1. Move to Station history in the Display menu and press the 
Spacebar. 


2. Define how statistics are displayed. 


a. Move to the Numeric or Graphic option in the 
Display \Station history menu and press the Spacebar. 


b. Move back to the Display menu, and press C to select the 
Class option. 


c. Move to To, From, or Both, depending on whether you 
want to display statistics for receptions, transmissions, or 
both. Press the Spacebar. 


d. Move to Network usage in the Display menu, and then to 
either Absolute or Relative, depending on whether you 
want to show statistics as a portion of the total network 
capacity or as a portion of the current total traffic. Press the 
Spacebar. 


3. Press F3 (Display) to display the history for a selected station. 


Press F3 (View earlier) or F4 (View later) to view intervals recorded 
earlier or later. 
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CHAPTER FOUR: MANAGING THE STATION DATA FILES 


General 


Chapter 4. Managing the Station Data Files 


Chapter Overview 


The server's station data files in its C:\ TRSNIFF directory contain 
station-specific information. The STARTUP.TRD file contains station 
addresses and names; it is shipped with the server. The 
STARTUP.TRA file contains the alarm thresholds for each station; it is 
created the first time you change station information. (For further 
information on alarms, refer to Chapter 5, “Working with Alarms.”) 
As the monitor observes the network, it modifies these files by adding 
addresses that have been named. The monitor also assigns the default 
station alarm settings to these stations. 


If both the analyzer and monitor are available on the server, they use 
the same name file. They can modify STARTUP.TRD, and the change 
affects the operations of both. For further information on how the 
analyzer uses or changes the name file, refer to the Distributed Sniffer 
System: Analyzer Operations Manual. 


You can add stations manually by editing STARTUP.TRD with the 
DOS command, EDLIN. This lets you name stations that are not yet 
active on the network. 


This chapter describes how you customize the settings associated 
with each station in the data files. The description includes: 


* Displaying station information 

* Identifying stations 

* Assigning names 

* Assigning station alarm thresholds 
* Deleting stations 


* Returning to an earlier version of the data file. 


Displaying and Editing Station Information 


The Edit option in the Manage station menu displays the Manage 
Station Information view (Figure 4~1), in which you modify the 
station data files. Any changes you make are automatically saved 
when you exit this view. You can also display the Manage Station 
Information view by choosing Edit in the Alarm menu. 


The monitor automatically creates a backup copy of each data file the 
first time you modify it after starting the monitor. The backup data 
files are named BACKUP.TRD and BACKUP.TRA, and are stored in 
the C:\TRSNIFF directory. 
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ANAGE STATION 
Address Errors No Rsp 
QO00004E0652 Alex Zwick 5 5 
Anthony Serrao 
9000024E3400 Barbara Lemmon 
9$000004E3106 Barney Ingram 
$000004E7256 Bill Goodman 
$200004E5298 David Brooks 
9000004E2001 Denise Martin 
9000024E2108 Ed Hicks 
Q000004E4302 File Server 
$200004E3504 Fred Biddle 
Q202004E0025 George Stanley 
O200004E0062 Helene Milici 
Q200004E7506 Jack Clayton 
$000204E3249 James Wylie 
$200004E2301 Jill Franz 
$200004E8654 Ken Quinn M 
$000004E0012 Linus Stanwick Warning 0 
0202004E4523 Mark Ellison Warning r 
e 
t 


Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 
Warning 


NO O01 01 01 OF OF 0 07 07 0 OF OF: 9: 97: 9: 9: 


$000004E3096 Michael Harley Warning 


$202004E8347 Miles Russell Warning 
se t and J then Hess Soag _E 


1 2 Apply 4Delete—is Edit§/ Thres| 
Help fidefault station Menus Potion lopt.ions| 


Figure 4-1. Manage Station Information view. 


How the Monitor Identifies Stations 


The monitor identifies stations by examining the 12-character strings 
that form the station addresses. You should ssign names to station 
addresses for the following reasons: 


* Ina statistical view, names are easier to identify than 
addresses. 


* You cannot save changes to station alarm thresholds for 
unnamed stations. 


* Unnamed stations are deleted from the station list if you 
remove the monitor’s driver program from the server's 
memory. 


* Unnamed stations trigger alarms when they generate traffic. If 
you do not assign names to the stations, you are unable to tell 
whether an alarm has been caused by an unnamed station, an 
intruder, or a network problem. (Refer to Chapter 5, “Working 
with Alarms,” for further information on unknown station 
alarms.) 


— If the address of an unnamed station is specified in any menu item 
before you remove the monitor driver from memory, the monitor 
keeps the address in the station list the next time you start the 
monitor. For example, if the Stn option in the Monitor filters menu is 
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Editing Station Information 


set to 000000123456 before you remove the monitor driver from 
memory, this address remains in the station list the next time you run 
the monitor. The address is also included in the USERLIST report and 
the Manage Station Information view. Such an address, although 
unnamed, does not cause an unknown station alarm. 


The section, “Editing Station Information,” describes different ways 
of naming stations. 


Editing Station Information 


Editing station information involves assigning names and alarm 
thresholds. After you assign station names, these names identify the 
stations in other views. 


Naming Stations Automatically 


If the stations you want to name are active and are running the same 
NetBIOS stack as the server, you can name them automatically. This 
feature saves you considerable time. 


f eS To name stations automatically with NetBIOS: 
NA, 


1. Move to Manage stations in the Main Menu. 
2. Move to the Probe for names option and press Enter. 


NetBIOS transmits a query to each unnamed address in the 
station list, and the monitor displays messages about the query. 
For example, for the unnamed address “IBM 788172,” the 
monitor displays this message: 


Attempting to name IBM 788172 


If the unnamed station does not respond, the monitor displays 
this message: , 


IBM 788172 did not respond 


If it receives a response, the monitor assigns a name to the 
station. After the monitor has finished the naming process, the 
message “Done” appears. To interrupt the process, press Esc. 


Naming Stations Manually 


Before naming stations, you must determine which address belongs 
to which station. The USERLIST report helps you identify all stations 
on the network. After knowing what stations exist on the network, 
you can add the names via the Manage Station Information view. 
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To run the USERLIST report: 
Monitor activity for several hours. 
2. Move to Report in the Main Menu. Then select the Load option. 


3. A window containing a list of reports appears. Move to 
USERLIST.SCR and press Enter. The monitor displays the 
information message,” Loading report script,” and returns to 
the Main Menu. 


4. Move to the Report\Print menu. 


5. To view the station addresses on screen, select the Screen 
option. You can also print out the station list by selecting LPT1 
or LPT2. For further information on printing a report, refer to 
the section “Printing a Report Manually” on page 6-18. 


6. Press Cursor Left to move back to the Print option. Press Enter 
to print the USERLIST report. It contains a list of station 
addresses detected by the monitor and the corresponding 
names. If an address is unnamed, the address itself appears in 
the name field. For each unnamed address, write down a name 
you want to assign to it. You will need the name when 
following the instructions in the next section. 


Naming a Station in the Manage Station Information View 


The Manage Station Information view contains alarm threshold 
information for all the stations listed in the USERLIST report. You can 
name a station or change an alarm threshold for a station in this view. 


To move to a station, use Cursor Up and Cursor Down. You can also 
type the first character of a station name or address to move to the 
station. However, if a station is named, you must type the first 
character of the name. For example, if the address “C00000000010” is 
named “Error monitor,” typing E selects it, but typing C does not. If 
the address “000065333333” is unnamed, press 0 to select it. 


To name a station: 


1. Move to Manage stations in the Main Menu. 


2. Move to the Edit option and press Enter to display the Manage 
Station Information view. 


3. Move to the station you want to name and press Enter. A dialog 
box appears with a list of the fields you can edit, as shown in 
the example in Figure 4-2. 
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Editing Station Information 


NAGE STATION INFORMATIO 

Address Name Errors NoRsp Idle %Usage Priority 
OO00004EG652 25 5 Off 25 Warning 
000000450303 Anthony Serrao > Warning 
$000204E3408 Barbara Lemmon Warning 
$000004E3106 Barney Ingran Warning 
9000004E7256 Bill Goodman Warning 
$020004E5298 David Brooks Warning 
POROOB4E2001 DrSTATION BA02004E0652 Warning 
9000204E21 08 Name = Warning 
9200204E4302 Errors = 25 Warning 
9000204E3504 No response = 5 Warning 
200004E0225 Idle = Off Warning 
9000004E0062 Relative usage = 25 % Warning 
O000004E7506 Priority = Warning Warning 
$000204E3249 t and J then press ENTER Warning 
$000004E2301 Jill Franz 25 Warning 
$200004EG654 Ken Quinn Warning 
9000004E0012 Linus Stanwick Warning 
$000204E4523 Mark Ellison Warning 
$000204E3096 Michael Harley Warning 
$200204E8347 Miles Russell 25 5 Warning 


Figure 4-2. Dialog box for editing station information. 


4. Move to the Name field and press Enter. Another dialog box 
appears. 


5. Type the station name in the dialog box. Station names can be 
up to 16 characters long; all printable characters are allowed. 
After you finish typing, press Enter. 


6. To return to the Manage Station Information view, press F6 
(Return); to change other values in the dialog box, go to the 
next section, “Changing Station Alarm Thresholds in the 
Manage Station Information View.” 


The name is saved automatically when you exit the Manage Station 
Information view. 


The Manage Station Information view alphabetizes the stations 
according to the station names. If a station does not have a name, its 
address is used for sorting. For example, the unnamed address “IBM 
784B1A” is listed after the station named “Error Monitor” and before 
the station named “LAN Manager.” Also, numerals are listed before 
letters. For example, the unnamed address “000065333333” appears 
before the station named “Active Monitor.” 


The stations may not be in the correct alphabetical order immediately 
after you edited the names. You can see the sorted names only after 
you exit the view and then display it again. 
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Changing Station Alarm Thresholds in the Manage 
Station Information View 


In the Manage Station Information view, you can display a dialog box 
for editing station alarm thresholds as shown in Figure 4—2. For 
further information on alarms, refer to Chapter 5, “Working with 
Alarms.” Be sure to follow the guidelines in that chapter when 
changing alarm thresholds. 


KO To change the station alarm thresholds: 
>O) 8 
A, 


1. Move to the Edit option in the Manage stations menu and press 
Enter. The Manage Station Information view appears. 


2. Move to the station whose settings you want to change and 
press Enter. A dialog box appears with a list of fields you can 
edit. 


3. Move to the desired field and press Enter to display an 
additional dialog box. Select or type a value and press Enter. 
For example, in Figure 4-3, a list of possible Errors threshold 
settings is displayed. 


Repeat this step for each threshold setting for the selected 
station. 


ANAGE STATION INFORMATION 

Addi Name Errors No Rsp Idle Usage Priority 

0000004E0303 Anthony Serrao 25 D Off 2) ‘Warning 
§004E3400 Barbara Lemmon FER h 

9000004E3186 Barney Ingram 

$020004E7256 Bill Goodman 

$000004E5298 David Brooks 

0200204E2001 Denise Martin 

QQ00204E2108 EpSTATION 220000 

OPOO004E4302 F 

0000004E3504 

0200004E0025 

QPLOLB4EL062 

0000004E7526 

$200004E3249 

0000004E2301 

P200004E0654 

$000004E0012 Linus Stanwick 

$000004E4523 Mark Ellison 

0000004E3096 Michael Harley 

$000004E8347 Miles Russell 

O002004E0100 Print Server 


Figure 4—3. Errors threshold for station alarms. 


4. Press F6 (Return) to return to the Manage Station Information 
view. 
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Global Alarm Thresholds and Default Station Alarm Thresholds 


5. Repeat steps 2, 3, and 4 for all the stations you want to edit. 


— Changing alarm thresholds during a monitoring session can lead to 
unexpected results. For example, if you change a threshold that has 
already triggered an alarm, no new alarm is triggered when the new 
threshold is reached. Therefore, it is best to make any changes before 

you start monitoring. 


Global Alarm Thresholds and Default Station Alarm 
Thresholds 


When the Manage Station Information view is displayed, you can 
change other alarm thresholds in addition to the ones described in the 
previous section. For example, press F6 to reset the station alarm 
thresholds to the default settings, or F7 to change the global alarm 
thresholds and station default thresholds. You can also change these 
settings with Alarms in the monitor’s Main Menu. For more 
information on thresholds and how to change them, refer to Chapter 
5, “Working with Alarms.” 


Deleting Stations 


You can delete stations from the Manage Station Information view. 
The changes are made to STARTUP.TRD and STARTUP.TRA as soon 
as you exit the Manage Station Information view. 


= To avoid unpredictable results, stop the monitor before deleting a 
station. If a monitoring session is in progress and the Manage Station 
Information view is displayed, press F5 to go to the Main Menu. Then 
press F10 to stop the monitor. (F10 is labeled New monitor on the 
screen when the monitor is off.) 


If the monitor detects the station that you have deleted, it generates an 
unknown station alarm (provided that this type of alarm is enabled). 


L ON To delete a station: 
1. Move to Manage stations in the Main Menu. 


2. Move to the Edit option and press Enter. The Manage Station 
Information view appears. 


3. Move to the station you want to delete and press F4 (Delete 
station). 
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Returning to the Previous Station Data Files 


When you make a change in the Manage Stations Information view, 
the change is saved to the STARTUP.TRA and STARTUP.TRD files as 
soon as you exit the view. The first time you modify these files after 
starting the monitor, the monitor creates backup copies of these files 
so that you can always return to the previous station data files. 


To return to the previous station data files: 


1. Move to Exit in the Main Menu and press Enter. The server's 
Main Selection Menu appears. 


2. Select the Exit to the Operating System option. The DOS 
prompt appears. 


3. Change directory to TRSNIFF. 


4. Type COPY BACKUP.TRA STARTUP.TRA at the DOS 
prompt and then press Enter. 


5. Type COPY BACKUP.TRD STARTUP.TRD at the DOS 
prompt and then press Enter. 


To return to the server’s Main Selection Menu, type MENU at 
the DOS prompt. 


The next time you start the monitor, it uses the settings that were in 
the station data files before they were changed. 
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Chapter 5. Working with Alarms 


Chapter Overview 


This chapter explains how alarms work and describes how to use 
them. It includes instructions for the following tasks: 


* Changing alarm thresholds 

* Displaying the alarm log 

* Acknowledging and clearing alarms 
* Printing alarms 

* Saving alarms to disk. 


= Remember that the alarm log described in this chapter is the one on 
the server, not the console, unless specified otherwise. For 
information on alarms sent to the console, refer to the Distributed 
Sniffer System: Installation and Operations Manual. 


Overview of Alarms 


Figure 5-1 shows how the monitor processes alarms. 


Alarm 1 
Alarm 2 
Alarm 3 
Thresholds Alarm 
Selection Alarm 200 
Alarm 
Buffer 
(up to 200 alarms) 


Alarm Log View 


Alarm 1 


Alarm 200 
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Alarm Log on the Console ALARM.LOG 


Figure 5-1. Alarm processing. 


When a measured network parameter (for example, the amount of 
idle time or the number of soft error frames) exceeds a predefined 
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Alarm Thresholds 


threshold, the monitor triggers an alarm and sends it to the alarm 
buffer. (It also sends the alarm to the console. Refer to “Sending 
Alarms to the Console” on page 5-5 for more information.) You can 
display the alarms in the buffer, save them to the disk, or print them 
on a printer. 


The monitor is shipped with threshold settings for the entire network 
and for individual stations. You can change both the global and 
station threshold settings. For station thresholds, you can change 
these settings: 


* Thresholds for stations that are already on the network 


* Default thresholds that will be assigned to new stations when 
they are detected. 


The monitor generates several alarms for which you cannot set 
thresholds. These alarms are explained in “Alarms for Which You 
Cannot Set Thresholds” on page 5-13. 


Priority Levels of Alarms 


You can assign a priority level to each station on the token ring 
network, which represents the importance of the alarms the station 
causes. The priority levels are Inform, Warning, Minor, Major, and 
Critical. An “Inform” alarm is the least important, and a “Critical” 
alarm is the most important. For example, if you consider the file 
server an important station on the network, you can specify that the 
alarms caused by the file server are labeled Critical. In this way, you 
can easily distinguish the more important alarms from others when 
viewing the alarm log. 


The alarm priority levels also determine the following: 
* Which alarms are accepted by the console 


¢ The value under “Monitor’s alarm” in the console’s Server 
Status. 


For more information on the console’s alarm log and Server Status 
display, refer to “Sending Alarms to the Console” on page 5-5 and 
“Acknowledging Alarms” on page 5-14. The Distributed Sniffer 
System: Installation and Operations Manual also provides information 
on these topics. 


All global alarms have the priority level Critical. You cannot change 
this value. 
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Sending Alarms to the Console 


> 


When you log on to a server running the monitor in the foreground, 
the monitor sends the existing alarms in its alarm log to the console if 
they have never been sent to any console or SNMP target. (Refer to the 
Distributed Sniffer System: Installation and Operations Manual for more 
information on sending alarms to an SNMP target.) The monitor also 
sends subsequent alarms to all connected consoles as they occur. 


If the monitor is running in the background, it does not send alarms 
to the connected consoles or SNMP targets. 


Figure 5-2 shows what alarms are sent from the monitor to the 
console, depending on whether the console is logged on to the server 
running the monitor. In this example, the monitor is running 
continuously; and there are no other consoles connected to the server. 


Status of the Console Monitor’s Alarm Buffer Alarms Sent 


Not logged on to the server. [Alarm #14 
Alarm #2 


Logged on to the server. Alarm #1 
Alarm #2 
Alarm #3 All alarms are sent 
immediately after the 
console is logged on. 


Terminated and then Alarm #1 
logged on to the server Alarm #2 
again. Alarm #3 Only alarm #4 is sent 
Alarm #4 as the other alarms 
have been sent before. 


Figure 5-2. Alarms sent to the console. 


Global Alarm Threshold Options 


Alarms are generated when global counts exceed predefined 
thresholds. For some global alarms (Errors, Usage, and Broadcast), 
you can determine the interval to which the threshold applies. For 
example, after you set the errors threshold at 10 and the interval at 60 
seconds, the monitor triggers an alarm if it detects 10 or more soft 
error frames within each 60-second period. 
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You can determine global alarm thresholds for these parameters: 


Unknown station Determines whether or not the monitor 


Errors 


Usage 


Broadcast 


Idle 


generates an alarm when an unnamed station 
transmits traffic. By default, the unknown station 
alarm is disabled. 


Defines the number (1 to 65,535) of soft error 
report frames that triggers an alarm. To turn the 
alarm off, choose 0. You can set the interval to 
which this threshold applies (5 seconds to 60 
minutes). By default, the number of errors is 20; 
the interval is 30 seconds. 


Defines the percentage (1 to 100%) of absolute 
network usage that triggers an alarm. You can set 
the interval to which this threshold applies (5 
seconds to 60 minutes). By default, the 
percentage is 50; the interval is 5 seconds. 


Defines the number of broadcast frames (1 to 
65,535) that triggers an alarm. To turn the alarm 
off, choose 0. You can set the interval to which 
this threshold applies (5 seconds to 60 minutes). 
By default, the number of broadcast frames is 
100; the interval is 5 seconds. 


Defines the length of time (5 seconds to 60 
minutes) the network can be inactive before 
generating an alarm. To turn the alarm off, 
choose 0. By default, the length of time is 15 
minutes. 


All global alarms have the priority level “Critical.” 


Station Alarm Threshold Options 


For each station, you can determine the alarm thresholds for these 


parameters: 


Errors 


No response 


Defines the number of soft error reports (1 to 
65,535) a station can transmit before triggering an 
alarm. The default is 100. 


Defines how long a station can be sent frames 
without responding before triggering an alarm. 
To turn the alarm off, choose 0 (the default). The 
possible value can range from 1 to 7 seconds. For 
further information on when the monitor 
generates a no-response alarm, refer to the 
section “Alarm” on page 9-29. 
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Idle 


Usage 


Defines the length of time (1 to 120 minutes) a 
station can be inactive (not transmitting) before 
triggering an alarm. To turn the alarm off, choose 
0 (the default). 


Defines the percentage of relative network traffic 
(1 to 100%) the station can transmit before 
triggering an alarm. The default is off. 


Interpreting Alarms When Using Monitor Filters 


When you are interpreting alarms, remember that the setting of the 
Monitor filters option affects alarm generation in the following ways: 


If Monitor filters is set to MAC frames or All frames, the 
monitor does not generate an idle alarm for a station as long as 
its network interface card transmits MAC frames. That is, you 
are not notified if a station has failed to transmit LLC frames. 


If Monitor filters is set to one station, the monitor monitors 
only the frames that contain this station’s address. As a result, 
the monitor considers only this station and its partners active. 
It generates idle alarms for any stations that are not 
communicating with the monitored station, regardless of 
whether they have been transmitting frames on the network. 


Strategies for Setting Alarm Thresholds 


This section provides some basic strategies for setting thresholds. 
However, finding the thresholds that best suit your particular 
network and preferences requires adjustments as you go along and as 
your network grows. 


= Changing alarm thresholds during a monitoring session can lead to 
unexpected results. For example, if you change a threshold that has 
already triggered an alarm, no new alarm is triggered when the new 
threshold is reached. Therefore, it is best to make any changes before 
you start monitoring. You can also stop monitoring, make changes, 
and restart monitoring. 


Strategies for Setting Global Alarm Thresholds 


To get started, follow these steps: 


1. 
2. 


Move to the History option in the Main Menu. 


Select the broadcast address as the station for which the 
monitor collects history statistics. 


Set the Intrvl option to 15 minutes. 
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4. Monitor traffic over a period of time, such as an 8-hour 
business day. This gives you an overview of your network’s 
traffic patterns. 


The following is a list of suggestions for setting various global 
thresholds and handling alarms: 


* Usage and errors thresholds 


Display the Global History view and note the highest number 
of errors and usage percentage. Then set each threshold of 
these categories to about 50% higher than the highest recorded 
number. 


¢ Broadcast threshold 


Display the Station History view and note the highest number 
of frames sent to the Broadcast station. Then set the threshold 
to about 50% higher. 


¢ Idle threshold 


Take into consideration the way your network software 
operates. For example, if your software package automatically 
transmits traffic every five minutes, setting the idle threshold 
to six minutes alerts you to any problems within a minute. 


¢ Unknown station alarms 


To avoid triggering the unknown station alarm for legitimate 
stations, be sure to name all known stations. This alarm then 
alerts you to any intruders or new stations. Since faulty bridges 
or bad network interface cards usually generate numerous 
unknown station alarms, this is also a good way to detect 
problems with bridges and cards. 


Be prepared to adjust the thresholds to higher values if you get too 
many alarms. If the alarms that are generated do not alert you to 
potential problems quickly enough, adjust the thresholds to lower 
values. 


A To change the global alarm thresholds: 


1. Move to the Alarm\Threshold\ Global menu, which lists the 
global threshold settings as shown in Figure 5-3. 


sh 


Strategies for Setting Alarm Thresholds 


x Unknown station 
Errors = 20 


d Interval = 20:38 
Auto clear = Off @ 
Thresholds al Usage = 58 % 
Log to ation defau. Interval = 00:05 


Broadcast = 100 
Interval = 00:05 


Idle = 15 


& 44 44 44 


Specify alarm thresholds for the network as a whole. 


Use the arrow keys to move around in the menu 


1 18 New 
Help monitor 


Figure 5-3. Threshold options for global alarms. 


2. If you do not want the monitor to trigger an alarm when 
detecting an unnamed station, move to Unknown station and 
press the Spacebar. An x preceding this option indicates that 
the alarm is disabled; a V indicates that an alarm is generated 
for each unknown station. Pressing the Spacebar toggles the 
value of this option. By default, the alarm is disabled. 


3. Move to the field you want to change and press Enter to 
display a dialog box or a list of values. Type a value or move to 
a value to select it, and press Enter again. 


Strategies for Setting Station Alarm Thresholds 


When setting alarm thresholds for individual stations, pay particular 
attention to devices that handle a lot of traffic, such as file servers and 
gateways. Since these devices are so important to the entire network, 
it is important to adjust their thresholds so that you are alerted to 
potential problems quickly without getting unnecessary alarms. Also, 
assign priority levels to individual stations according to the stations’ 
importance. 


The following is a list of suggestions for setting various station alarm 
thresholds: 


* Errors threshold 


Monitor the network for approximately 24 hours. Then 
generate the ERRORS report. (For further information on 
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generating reports, refer to Chapter 6, “Creating Reports.”) 
Obtain the highest error count from the report and increase it 
by 50%. Use this number as the errors threshold. However, you 
should adjust this value according to the length of a normal 
monitoring session. For example, if you restart a monitoring 
session every two days, set the threshold to twice the value 
calculated above. Also, if you think the error counts in the 
ERRORS report are abnormally high, you should solve the 
problems that caused the errors before determining the errors 
threshold. 


¢ Idle threshold 


For devices such as file servers, set the idle threshold as low as 
1 minute to alert you quickly to potential problems. For stations 
that are likely to be turned on and off periodically, set the idle 
threshold to “Off.” 


* Usage threshold 


To identify any stations that use large portions of the network's 
resources, set a low usage threshold for individual stations. 
Use this information to redistribute heavy users onto different 
network segments to prevent degradation of service to other 
users. 


As with the global alarm thresholds, be prepared to make 
adjustments. 


AS 


fs KON To change the station alarm thresholds and priority level: 
KO, 


1. Move to the Edit option in the Alarm menu and press Enter. 
The Manage Station Information view appears. 


2. Move to the station whose settings you want to change and 
press Enter. A dialog box appears with a list of fields you can 
edit. 


3. Move to the desired field and press Enter to display an 
additional dialog box. Select or type a value and press Enter. 
For example, in Figure 5-4, a list showing the possible errors 
threshold settings is displayed. Repeat this step until you finish 
modifying the threshold settings. 


4. Move to Priority = in the dialog box and press Enter. A 
window titled “Station Priority” opens. Move to the desired 
priority level and press Enter. 


5. Press Esc to return to the Manage Station Information view. 


Changing the Default Station Alarm Thresholds 
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Figure 5-4. Threshold settings for the station errors alarm. 


Changing the Default Station Alarm Thresholds 


When the monitor detects new stations on the network, it assigns the 
default alarm thresholds to the stations as it adds them to the station 
list. If you change these default settings, any stations added to the 
network are assigned the new defaults. If you assign names to these 
stations, the threshold information, together with the station 
addresses, is saved in STARTUP.TRA. 


To change the station default alarm thresholds and priority level: 


1. Move tothe Alarms\Thresholds \ Station defaults menu, which 
lists the default station thresholds as shown in Figure 5-5. 


2. Move to the threshold setting or priority level you want to 
change and press Enter. A dialog box or a list of values appears. 
Type in or select a value, and press Enter. 
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Edit ¢ 

Auto clear = Off #| Global 

Thresholds Errors = 100 dq 

Log to No response = Off ¢! 
Idle = Off 4 
Usage = Off 4 


Priority = Warningd 


Specify the default alarm thresholds for individual stations. 


=Use the arrow keys to move around in the rau 


10 New 
monitor 


Figure 5-5. Station default alarm thresholds. 


Resetting Station Alarm Thresholds to Default Values 


After you changed the station alarm thresholds for a monitoring 

session, you can easily restore the default thresholds, either for a 

single station or for all stations. Be sure to stop monitoring before 
resetting alarm thresholds. 


5S) To reset the alarm thresholds to defaults for a single station: 


1. Move to Edit in the Alarm menu and press Enter. The Manage 
Station Information view appears. 


2. Move to the station you want to reset and press F2 (Apply 
default). The threshold settings for that station change to the 
default values. 


The monitor resets the alarm thresholds for that station to the 


defaults. 
KA To reset the alarm thresholds to defaults for all stations: 


1. Move to the Reset thresholds option in the Manage stations 
menu and press Enter. The monitor displays this message: 


Any changes made to station alarm configurations will be lost if you 
proceed. Press ENTER to proceed. Press ESC to cancel. 
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Displaying the Alarm Log 


2. Press Enter. The monitor displays this message: 


Resetting alarm thresholds. 


Displaying the Alarm Log 


The Alarm Log view displays the contents of the alarm buffer. It lists 
alarms in the order they occurred and shows their priority, the time 
they occurred, the source of the alarm, and the type of alarm. 


Once the Alarm Log view is displayed, you can acknowledge alarms 
or clear them from the alarm buffer. 
To display the Alarm Log view: 


1. Move to Alarm log in the Display menu and press the 
Spacebar. 


2. Press F3 (Display) or press Enter to display the Alarm Log 
view. 


Alarms for Which You Cannot Set Thresholds 


The monitor generates three types of alarms for which you cannot set 
thresholds. Figure 5-6 describes how these alarms are represented in 
the Alarm Log view. When you display the view, you will see the 
actual station name or address under the headings “Alarm Type/ 
Description” and “Source.” 


Alarm Type/Description Cause of the Alarm 


1 or more oversized frame. 


Beacon at station. 


Poll Fail at station. 


Station that sent the A station sent a frame that exceeds 
oversized frame. 4,608 bytes on a 4 Mb/s network or 
18,432 bytes on a 16 Mb/s network. 


Station that sent the Beacon | A station sent a Beacon frame, after 

frame. detecting a hard error that renders 
the network inoperable. The station 
in the alarm description is the 


upstream neighbor of the station that 
sent the Beacon frame. 


Active Monitor. The active monitor sent a Ring Poll 
Failure frame after an error occurred 
during a ring poll process. The 
station in the alarm description is the 
last station that sent an Active 
Monitor Present or Standby Monitor 
Present frame for the failed ring poll. 


Figure 5-6. Types of alarms that you cannot set thresholds for. 
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Acknowledging Alarms 


To keep track of which alarms have been investigated, you can mark 

® (acknowledge) those alarms in the monitor’s Alarm Log view. It is, 
however, recommended that you acknowledge alarms in the 
console’s alarm log. Refer to the Distributed Sniffer System: Installation 
and Operations Manual for more information on the console’s alarm 
log. 


Acknowledging an alarm on the monitor does not affect the content 
of the console’s alarm log or the console’s audible alarm. However, it 
affects the alarm level shown in the console’s Server Status display. 
For example, if the monitor’s alarm log contains two alarms, one with 
priority level Critical and the other Major. Before the critical alarm is 
acknowledged, the alarm level for this server in the Server Status 
display is Critical. After you acknowledge the critical alarm on the 
monitor, the alarm level changes to Major. 


LON To acknowledge an alarm: 
VY © 
1. Display the Alarm Log view. 


2. Move to the alarm you want to acknowledge and press F3 (Ack 
alarm). 


AV mark appears in the right column to indicate that you have 
acknowledged the alarm. 


Clearing Alarms 


The alarm buffer can contain up to 200 alarms. When the buffer is full, 
new alarms are deferred until you clear some of the existing alarms in 
the buffer. However, a deferred alarm is lost when the condition that 
caused it no longer exists. In this case, there is no record that the 

deferred alarm occurred because alarms are printed, saved to disk, or 
sent to the console only as they are sent to the monitor’s alarm buffer. 


Effects of Clearing Alarms 


Whether an alarm will recur after you clear it depends on the alarm 
type, as described below: 


* Global errors, usage, or broadcast alarm: 


An alarm is triggered only the first time the threshold is 
exceeded. Additional instances of this event are ignored unless 
you clear the alarm. That is, if the threshold is exceeded again 
after the clearing, the monitor generates a new alarm. 


Clearing Alarms 


Global idle alarm, station idle, usage, or no response alarm: 


An alarm is triggered only the first time the threshold is 
exceeded. Additional instances of this event are ignored unless 
the alarm has been cleared and the condition that caused the 
alarm has been removed. For example, a station alarm is 
generated because a station has been idle for 15 minutes. If it 
continues to be idle after you clear the alarm, no new alarms are 
generated. However, if the station transmits at least once and 
then becomes inactive again for more than 15 minutes, the 
monitor will generate a new alarm for this station. 


Global unknown station alarm or station errors alarm: 


Even if the alarm is cleared from the buffer, the same condition 
does not cause an alarm to appear in the alarm log. 


Different Ways to Clear Alarms 


Clear alarms only when the monitor is running in the foreground. 
You can clear alarms in one of two ways: 


Manually clear alarms one at a time. Clear the alarms as soon 
as you deal with them. 


Use the Auto clear option. The monitor automatically clears 
each alarm after it is in the buffer for a specified period of time. 
This method is recommended because it slows down the speed 
at which the alarms approach the 200-alarm limit. 


When using Auto clear, also enable the Log to option, which 
automatically prints or saves to disk a record of alarms 
generated while the network is unattended. By default, Auto 
clear is set to 1 hour, and the alarms are logged to disk. If you 
are concerned that the alarms occupy too much disk space, 
disable the File option in the Alarm\Log to menu or remove 
the alarm log file regularly. The logging function is described 
in the section, “Using the Monitor’s Logging Function.” 


When you start a new monitoring session, the monitor automatically 
removes all the alarms in the alarm buffer that were generated in the 
last session. 


amy If an alarm has been cleared on the monitor before it is sent to the 
console, there is no record in the console’s alarm log that this alarm 
happened. However, if an alarm has been sent to the console before it 
is cleared, it remains in the console’s alarm log. Refer to the Distributed 
Sniffer System: Installation and Operations Manual for information on 
clearing alarms from the console’s alarm log. 
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To clear individual alarms manually: 


Display the Alarm Log view. 
Press F3 (Display) or press Enter to display the alarm log. 


Move to the alarm you want to clear and press F4 (Clear alarm). 
The alarm is cleared from the alarm buffer. 


To clear alarms automatically: 


L 
2. 
3. 


Move to Alarm in the Main Menu. 
Move to Auto clear = and press Enter. 


In the dialog box, type a value between 1 minute and 99 hours 
and press Enter. 


Using the Monitor’s Logging Function 


The monitor's logging function automatically prints and saves alarms 
as they are sent to the alarm buffer. This assures that there is a record 
of alarms, even after they are cleared from the buffer and the Alarm 
Log view. By default, the monitor saves alarms to the disk. 


Printing Alarms 


f KON 


You can save the alarms for each monitoring session to disk and print 
them as necessary. Alternatively, you can print each alarm ona 
designated printer as it occurs. 


To print alarms automatically: 


Move to the Alarm \Log to menu. 


Make sure a V mark appears to the left of the Printer option. If 
not, press the Spacebar to display the V mark. 


Move to the Alarm \Log to\Printer menu, which includes two 
printer ports. If LPT1 is selected, the file is sent to the printer 
attached to the server; if LPT2 is selected, it is redirected to the 
console. Move to the desired printer port and press the 
Spacebar. 


The printout does not include the name of the server from 
which the alarm log originates. If more than one server sends 
its alarm log to the console’s printer port, it may not be 
immediately clear which server generates the alarm log. Refer 
to the Distributed Sniffer System: Installation and Operations 
Manual for more information on redirecting printouts to 
consoles. 
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4. Tospecify the number of lines per page, move to Page size = in 
the Alarm \Log to\Printer menu and press Enter. A dialog box 
appears. 


5. Type the number of lines to be printed before a page break and 
press Enter. The number can range from 1 to 256. The default is 
58. 


If the number you specify is greater than the number of lines that fit 
on a page, the printing overlaps the page breaks, which might make 
the hard copy difficult to read. 


Saving Alarms to Disk 


In addition to—or instead of—printing alarms as they occur, you can 
save them to the file ALARM.LOG in the C:\TRALARMS directory. 
You can either append the alarms to those saved during previous 
sessions or reinitialize the file each time the monitor starts monitoring. 


It is recommended that you save only the alarms from the current 
session and deal with alarms as they happen. Use the append option 
only for collecting historical information about alarms. Otherwise, the 
ALARM.LOG file eventually becomes huge. 


To save alarms automatically: 
1. Move to the Alarm\Log to menu. 
2. Move to the File option. 


3. Ifnecessary, press the Spacebar to make sure a V mark appears 
to the left of the File option. 


4. Move to Clear alarm file in the Alarm\Log to\File menu. To 
append the current alarms to existing alarms from previous 
monitoring sessions, press the Spacebar to display the x mark 
to the left of the option. To overwrite previous alarms, press the 
Spacebar to display a V mark. 


The monitor saves the current alarms in ALARM.LOG in the 
C:\TRALARMS directory. 


To view ALARM.LOG: 


1. Select the Exit option in the Main Menu and press Enter. The 
Monitor selection menu appears. 


2. Select the Exit to the Operating System option. When the DOS 
prompt appears, use the DOS command, TYPE, to view the 
ALARM.LOG file. 


To return to the Monitor Service Menu after viewing the file, 
type MENU at the DOS prompt and press Enter. 


5-17 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


The ALARM.LOG file is not updated while you are viewing it in DOS 
2 (or at any other time the monitor application is not running in the 
foreground). 
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Chapter 6. Creating Reports 


Chapter Overview 


In addition to viewing network statistics, you can create customized 
reports that show these statistics in any combination, sorted and 
arranged according to your preferences. You can use these reports to 
document your network activities, justify the need for hardware 
upgrades, compare network performance over time, and so on. 


This chapter provides an overview of the sample report scripts 
shipped with the monitor and describes the following tasks: 


* Loading a report script 
* Previewing a report 


* Printing or saving a report to disk, in either normal or CSV 
(comma-separated values) file format 


* Creating or editing a report script. 


Sample Reports: An Overview 


The monitor comes with report scripts you can use or modify. A 
report script is a template that defines which statistics are included in 
the report and how these statistics are arranged on the screen or page. 
When you generate a report from a report script, the monitor supplies 
the statistics, inserts them into the report script, and then prints or 
saves the report to disk. 


You can use the same report script over and over. The types of 
statistics and the format of the report remain constant; only the 
statistics change each time you print a report. 


When you use the monitor for the first time, the only report scripts 
you can use are the sample report scripts shipped with the product, 
which are described later in this chapter. If none of these report scripts 
suits your needs, create a new report script or edit an existing script. 
Then save this new report script for future reports. You must name 
and save this newly created script before you can use it. 


These are the script files stored in the directory 
C:\TRREPORT\SCRIPTS: 


* ERRORS.SCR 
* FRAMSIZE.SCR 
* HISTORY.SCR 
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¢ LISTENRS.SCR 

* RINGORDR.SCR 
* ROUTELEN.SCR 
* ROUTEPTH.SCR 
* SAPS.SCR 

¢ TALKERS.SCR 

¢ USERLIST.SCR 

* USERS.SCKR 

* USERSCSV.SCR. 


ERRORS.SCR 


The report based on ERRORS.SCR shows the 10 stations that 
transmitted the most soft error report frames. The stations are sorted 
in descending order by the number of errors. Only the stations that 
have sent at least 5 soft error report frames are included. 


The report shows the following types of statistics: 
* Time monitoring started 
* Time monitoring stopped 
* Duration of the monitoring session (elapsed time) 
* Total number of stations. 
Information displayed for each station includes: 
* Sort position 
* Station’s name 
* Number of frames from the station 
* Number of soft error report frames from the station 
* Number of bytes from the station 
* Average size of the frames from the station 


* Percentage of absolute network usage by the traffic from the 
station. 


Figure 6-1 is an example of a report based on ERRORS.SCR. 
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FRAMSIZE.SCR 


Server: NGCT787CD7 


Top 1 Errors 


This report provides statistics for the 1@ stations which have 
transmitted the most soft error report frames. Stations must have 
transmitted at least 5 soft error report frames to be included in 
this report. 


Monitoring Started: Oct 84 £9:52:32 Total Stations: 26 
Monitoring Stopped: Oct 24 29:56:23 
Elapsed Time: 6 day(s) 00:03:31 


Bytes Size % Abs 


Print Server f 627,706 71 9.59 
File Server : 1,685,487 131 1.59 
William Griffith 472,134 568 8.44 


Hit Esc to quit, any key to continue 


Figure 6-1. Errors report. 


The report based on FRAMSIZE.SCR shows the frame size 
distribution. It includes the frame size categories, the number of 
frames per category, and the percentage per category. The report also 
contains a graph that illustrates the percentages. The report contains 
the same information and has the same format as the display 
generated when you select Frame sizes in the Display menu. Figure 
6—2 is an example of a report based on FRAMSIZE.SCR. 
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Server: NGCT787CD7 
Frame Sizes 


This report supplies frame size distribution information. 


Size Frames Percent @ 28 49 60 34) 
Under 17 


18- 
33- 
65- 

129- 

257- 

513- 
1925- 
2049- 4696 
4097- 4628 

Over 4628 


Hit Esc to quit, any key to continue 


Figure 6-2. Frame sizes report. 


HISTORY.SCR 


The report based on HISTORY.SCR shows absolute network usage 
during each history interval. This report includes a graph with a scale 
of 10% to illustrate the network usage percentages. Figure 6-3 is an 
example of a report based on HISTORY.SCR. 
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LISTENRS.SCR 


Server: NGCT787CD7 
History 


This report provides traffic history information. 


Time Usage @ 


14 Oct 18 16:19:28 
16:18:08 
16:17:08 
16:16:28 
16:15:08 
16:14:08 
16:13:88 
16:12:88 
16:11:28 
16:18:28 
16:89:28 


Vv 


16 
9 
8 
7 
6 
5 
4 
3 
2 
1 


VVVNVVV 


Hit Esc to quit, any key to continue 


Figure 6-3. History report. 


The report based on LISTENRS.SCR shows statistics for the 10 
stations that received the most traffic during the most recent 
monitoring session. 


Stations are sorted in descending order by the number of bytes 
received and filtered by sort position to display the 10 stations that 
received and transmitted the most bytes. 


The report shows the following types of overall information: 

* Time monitoring started 

* Time monitoring stopped 

* Duration of the monitoring session (elapsed time). 
Information shown for each station includes: 

* Sort position 

* Station’s name 

* Number of frames to the station 

* Number of bytes to the station 


* Average size of the frames to the station 
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* Percentage of relative network usage by the frames to the 
station. 


Figure 6-4 is an example of a report based on LISTENRS.SCR. 


Server: NGCT787CD7 
Top 18 Listeners 


This report provides statistics for the 18 stations which have 
received the most traffic. The stations are sorted by bytes 
received. 


Monitoring Started: Oct 29 14:38:81 
Monitoring Stopped: Oct 29 14:38:12 
Elapsed Time: Q day(s) 00:00:11 


Bytes Size % Rel 


335 
Print Server 449 
Mark Ellison 547 
Tom Brown 193 
Ken Quinn : 253 
Miles Russell ; 142 
David Brooks {55 
Wes Harding 144 
Ed Hicks 131 


Hit Esc to quit, any key to continue 


Figure 6-4. Listeners report. 


RINGORDR.SCR 


The report based on RINGORDR.SCR shows the relative usage 
information for all stations. The stations are sorted by the ring order 
in descending order. The active monitor is displayed first, followed by 
the standby monitors. Other stations are arranged according to the 
station status in this order: snooper, removed, remote, inactive, and 
group. For information on station statuses, refer to Chapter 9, “The 
Monitor Menu Items.” 


The report shows the following types of statistics for each station: 
* Sort position 
* Station status 


* Percentage of relative network usage by the frames from the 
station. 


The graph in the report illustrates the percentages. The scale of the 
graph is 100%. Figure 6—5 is an example of a report based on 
RINGORDR.SCR. 
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ROUTELEN.SCR 


Server: NGCT/87CD7 
User Ring Order 


This report provides relative usage information for all users. The 
users are sorted by ring order. 


Name Status *Rel O 28 42 62 4) 100 
File Server Active Mon 14.95 
Bill Goodman 

Mark Ellison 

William Griffith Stands Mon 


Print Server 
Michael Harley 
Anthony Serrao 


Standby Mon 
Standby Mon 
Standby Mon 


James Wylie 
Fred Biddle 
Tom Brown Standby Mon 
Robert Hayes Standby Mon 
Miles Russell § Standby Mon 
Steven Anderson Standby Mon 


Hit Esc to quit, any key to continue 


Figure 6—5. Ring order report. 


The report based on ROUTELEN.SCR shows the route length 
distribution information. It shows the number of frames that have 
different route lengths and indicates the percentages of these frames. 
The graph illustrates the percentages. Figure 6-6 is an example of a 
report based on ROUTELEN.SCR. 
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Server: NGCT787CD7 
Route Lengths 


This report supplies route length distribution information. 


Length Frames Percent 8 20 49 62 88 129 


g 
22,186 
28,388 

4,549 

g 


1) 
1 
2 
3 
4 
5 
6 
7 
8 
9 


BAABNBVnanannm 


Hit Esc to quit, any key to continue 


Figure 6-6. Route lengths report. 


ROUTEPTH 
The report based on ROUTEPTH.SCR shows the route path 
distribution information. It shows the number of frames moving 
between the local and remote networks. Figure 6—7 is an example of a 
report based on ROUTEPTH.SCR. 
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SAPS.SCR 


Server: NGCT787CD7 
Route Paths 


This report supplies route path distribution information. 


Path Frames Percent 


Loc-Loc 216,343 977.77 
Loc-Rem 

Rem-Loc 

Ren-Ren 

Loc-Other 

Rem-Other 


Hit Esc to quit, any key to continue 


Figure 6-7. Route paths report. 


The report based on SAPS.SCR shows the SAP protocol type 
distribution information. It includes a list of SAP protocols, the 
number of bytes per SAP protocol type, and the percentage of each 
protocol type. The graph illustrates the percentages. Figure 6-8 is an 
example of a report based on SAPS.SCR. 
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Server: NGCT787CD7 
SAP Protocols 


This report supplies SAP protocol type distribution information. 


Bytes ‘Total @ 20 40 60 86 102 


9,642,637 
4,958,228 
23, 268,856 

748,854 
15,449,798 
4,958,555 


Vi) 

283, 182 
490,918 
392,182 
171,125 
5,248,884 


Hit Esc to quit, any key to continue 


Figure 6-8. SAP protocols report. 


TALKERS.SCR 


The report based on TALKER.SCR shows statistics for the 10 stations 
that transmitted the most traffic during the most recent monitoring 
session. 


Stations are sorted in descending order by the number of bytes 
transmitted and filtered by sort position. The report includes the 10 
stations that transmitted most traffic. 


The report shows the following types of general information: 
* Time monitoring started 
* Time monitoring stopped 
* Duration of the monitoring session (elapsed time) 
* Total number of stations 
* Time when the report was generated. 
Statistics shown for each station include: 
* Sort position 
* Station’s name 
* Number of bytes from the station 


* Number of soft error report frames from the station 
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USERLIST.SCR 


* Average size of the frames from the station 


* Percentage of relative network usage by the frames from the 
station. 


Figure 6-9 is an example of a report based on TALKERS.SCR. 


Server: NGCT787CD7 
Top 1% Talkers 


This report provides statistics for the 18 stations which have 
transmitted the most traffic. The stations are sorted by bytes 
transmitted. 

Monitoring Started: Oct £4 29:52:32 Total Stations: 26 
Monitoring Stopped: Oct 04 10:19:17 

Elapsed Time: @ day(s) 20:26:45 


Report Generated: Oct 64 10:19:17 


Name Bytes Errors Size % Rel 


Denise Martin 11,198,778 1748 14,46 
File Server 11,127,643 126 14,38 
Ed Hicks 9,177,893 2 = 1477 11.86 
Linus Stanwick 8,549,913 1362 11.05 
Mark Ellison 7,455, 412 3 = 1138 9.63 
Steven Anderson 6,103, 827 12 975 7.89 
Print Server 4,351, 204 38 72 5.62 


Hit Esc to quit, any key to continue 


Figure 6-9. Talkers report. 


The report based on USERLIST.SCR lists the physical addresses and 
names of all stations that are in the station list, sorted by address in 
ascending order. No filters are used to limit the number of stations. 
This report is useful for you to view the names assigned to addresses. 
You can use it to set up the monitor station data file, STARTUP.TRD. 
Figure 6-10 is an example of a report based on USERLIST.SCR. 
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USERS.SCR 


Server: NGCT787CD7 
Station List 


This report lists the physical address and assigned name of each station. 
The stations are sorted by address. 


$020004E0225 George Stanley 
Q000004E0012 Linus Stanwick 
2200004E0062 Helene Milici 
9200004E0100 Print Server 
$000004E0257 Wes Harding 
0000204E2323 Anthony Serrao 
O000004E033E Robert Hayes 
QPQOQB4EBE52 Alex Zwick 
$000004E@654 Ken Quinn 
0000004E2001 Denise Martin 
$00004E2186 Ed Hicks 
$000004E2301 Jill Franz 
$200004E2304 Tom Brown 
$002004E3096 Michael Harley 
$000204E3186 Barney Ingram 


Hit Esc to quit, any key to continue 


Figure 6-10. User list report. 


The report based on USER.SCR shows transmission and reception 
statistics for all stations, sorted in ascending order (alphabetically) by 
name. No filters are used to limit the number of stations. 


The report shows the following types of statistics: 

* Time monitoring started 

* Time monitoring stopped 

* Duration of the monitoring session (elapsed time). 
Statistics shown for each station include: 

* Sort position 

* Station’s name 

* Number of frames from and to the station 

* Number of soft error report frames to and from the station 

* Number of bytes from and to the station 

* Average size of frames from and to the station 


* Percentage of relative network usage by the frames from and to 
the station. 


Figure 6-11 is an example of a report based on USERS.SCR. 
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Server: NGCT787CD7 
All Users 


This report provides combined transmit and receive statistics for all 
stations. The stations are sorted by name. 


Monitoring Started: Oct 04 09:52:32 
Monitoring Stopped: Oct 84 18:28:52 
Elapsed Time: B day(s) 68:36:28 


Name Frames Errs Bytes Size % Rel 


Alex Zwick 1,622,564 
Anthony Serrao 779, 204 
Barbara Lemmon : 2,157,874 
Barney Ingram 1,798,938 
Bill Goodman 1,988,423 
David Brooks 1,122,354 
Denise Martin 14,538, 327 
Ed Hicks 12,876,394 
File Server 59,133,879 
Fred Biddle 1,022,437 


Hit Esc to quit, any key to continue 


Figure 6-11. Users report. 


USERSCSV.SCR 


The report based on USERSCSV.SCR shows the same information as 
the USERS report, but ina comma-separated-values (CSV) format that 
allows you to import the information into spreadsheets, databases, or 
other applications that use the CSV format. The CSV format is also 
called “delimited format.” Refer to “Report File Format” on page 6-16 
for more information on definitions of different formats. 


Figure 6-12 is an example of a report based on the USERSCSV script. 


et 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


"Server", "Name", "Frames", "Errs”, “Bytes”, "Size", 
"NGCT787CD7 "| “Active Mon. ve 
g, 0, 6.00 
“NGCT787CD7 "| “All Bridges 
g, 8, 6.60 
“NGCT/87CD7 "| “All Fs Broadcast”, 
72, 383, 9.73 
"NGCT787CD7 "| "Broadcast 
52608, , 83.86 
"NGCT787CD7 i 
“NGCT787CD7 
192 
"NGCT/787CD7 
1952 
“NGCT787CD7 
1952 
"NGCT787CD7 
1952 


"NGCT787CD7 


g, 
8, 
g, 
8, 
B, 
g, 
Q, 
8, 
8, 
8, 
8, 


“NGCT787CD7 
Hit Esc to quit, any key to continue 


Figure 6-12. Users report (delimited format). 


Report File Format 


Normal Format 


Delimited Format 


A report can be in normal format or delimited format. The only 
sample report script in delimited format is USERCSV.SCR. 


The normal file format is the default format. Numbers that are 1,000 
or greater are printed with embedded commas (for example, 
1,100,000) in normal file format. Figure 6-1 is an example of an Errors 
report in normal file format. 


A report in delimited format contains no page breaks and embedded 
commas within fields. Figure 6-12 is an example of a report in 
delimited format. 


The delimited format allows you to import the file into other 
applications, such as spreadsheets and databases. For example, you 
might want to show the comparative usage of your network servers 
in a pie chart. After creating a report that provides those statistics and 
then importing that report into a spreadsheet application program, 
use the spreadsheet program’s graphics capabilities to create a pie 
chart based on your report. 
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Generating a Report 


To separate the fields from each other, insert a comma between the 
fields in the report script. Also, if a field is a character string (for 
example, a station name), use quotation marks to enclose the 
character string. 


= If the application program into which you want to import data 
requires additional formatting, make these changes in your report 
script. Refer to the application’s documentation for details about 
required filenames, field formats, and other considerations. 


Refer to “Creating or Modifying a Report Script” on page 6-21 for 
information on specifying a report script’s file format. 


Generating a Report 


To generate a report, you must first load into memory the report script 
that specifies the statistics you want to include. When you display, 
print, or save this report, the monitor automatically inserts the 
statistics from the current monitoring session. 


Loading a Report Script 


LON To load a report script: 
WY 


1. Move to the Report menu. 


2. Select the Load option and press Enter to display the list of 
available reports, including the sample report scripts and any 
other report scripts that have been saved. 


3. Move to the report you want to load and press Enter. 


You can edit a report script once you load it. In addition, you can do 
any of the following to the report generated by the script: 


« Preview it on the screen 
* Print it on a printer 
* Save it to the disk 


* Clear its contents. 


Previewing a Report 


You can preview a report by printing it to the screen. 


SS) To preview a report: 
1. Load the desired report script. 
2. Move to Edit in the Report menu and press Enter to display the 


oe 
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Report Script Editor view, which contains the script you 
loaded. 


Press F9 (Screen test) to display the report generated by the 
script. If the report consists of more than one screen, press any 
key to see the next screen. To return to the script, press Esc. 


Printing a Report Manually 


You can print the report on a printer you designate. You can also 

specify the number of lines to be printed before the monitor inserts a 
page break and report header if the report is in normal format. Refer 
to “Report File Format” on page 6-16 for more information on report 


formats. 


To print a report manually: 


1; 
2. 


Load the desired report script. 


Move to the Report\Print menu to select the device to which 
the report is printed. You can select among these options: 


Screen displays the report on the screen. 
Device LPT1 prints the report on the server's printer port. 
Device LPT2 redirects the printing to the console. 


File saves the report to the disk. (Refer to “Saving a Report 
to Disk” on page 6-20 for more information.) 


If Delimited format in the Report \Edit menu is enabled, go to 
step 4. 


Do you need to change the number of lines per page? 


If yes, move to Page size =, and press Enter. In the dialog 
box that appears, type the desired number of lines, or turn 
off the option by typing 0. Press Enter after you finish 
typing. 


When the monitor inserts a page break, it also prints the 
header text (for example, the title of the report or a 
description of the report as defined in the report script). If 
this option is turned off, the monitor does not insert any 
page breaks in the printout. 


If the number of lines you specify exceeds the length of the 
page, the monitor prints the number of lines you specified, 
overlapping the page break. 


If no, go to step 4. 


4. Move to Print in the Report menu and press Enter. 


Generating a Report 


5. A dialog box appears. Type the filename under which the 
report is saved. 


Printing a Report Automatically 


You can specify that the monitor prints out a report regularly. This 
feature is available only if the monitor application is operating in the 


foreground. 
KD To print a report automatically: 
KOZ, 


1. Load the report script: 
a. Move to the Report\Auto print menu. 


b. Select the Report = option and press Enter. A list of report 
scripts appears. 


c. Move to the desired report script and press Enter. 
2. Specify the time when the first report is printed: 
a. Move to Start time = and press Enter. A dialog box appears. 


b. Do you want to start printing the report immediately? If 
yes, type 00:00. If no, specify the time in hh:mm format. 
Press Enter when you finish typing. 


3. Specify how often the report is printed: 
a. Move to Interval = and press Enter. A dialog box appears. 
b. Type the time interval in hh:mm format and press Enter. 
4. To print to disk, go to step 5. 
To print to a printer: 
a. Enable the Print to device option. 


b. Specify the printer port in the Report\ Auto print\ Print to 
device menu. Device LPT1 is for the printer attached to the 
server; Device LPT2 is for redirecting the report to the 
console. You can also specify the page size in this menu. 


c. Go to step 6. 
5. To print to disk: 
a. Enable the Print to disk option. 


b. Move to the Report \ Auto print\Print to disk menu. To 
specify that the monitor prints each report to a separate file, 
select Multiple files; to specify that the monitor prints all 
reports on the same day to one file, select Single file. 


6. To restart a monitoring session after a report is printed, move 
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back to the Report \ Auto print menu to enable the Restart 
monitor option. 


For information on how the monitor names the reports generated 
automatically, refer to the section, “Filenames for Automatically 
Generated Reports.” 


Terminating Automatic Report Generation 


When the monitor is printing a report automatically, this message 
appears: 


Generating automatic report. 


If you want to terminate the automatic report generation, press the 
Esc key while the above message is displayed. The monitor stops 
printing immediately and displays the following message: 


Automatic report generation aborted. 


Subsequent report generation is not affected. For example, if Interval 
is set to 1:00 and Restart monitor is enabled, the monitor prints a 
report every hour and starts a new monitoring session after each 
printing, regardless of whether you have aborted automatic report 
generation. 


Filenames for Automatically Generated Reports 


The monitor names the automatically generated reports according to 
the file creation dates in either of these forms: ARYYMMDD.RPT. and 
YYMMDDNN RPT. (The extension is CSV if the report is in delimited 
format. Refer to “Report File Format” on page 6-16 for more 
information on different file formats, and “Creating or Modifying a 
Report Script” on page 6-21 for selecting the desired format.) 


For example, if you specify that all reports are automatically printed 
to a single file, a file created on April 28, 1991, is named 

AR910428.RPT. The monitor creates a new file after midnight. In this 
example, the new file created after midnight is named AR910429.RPT. 


If you specify that each report is automatically printed to a separate 
file, the number of the report follows the date. For example, the first 
report generated on April 28, 1991, is named 91042801.RPT, the 
second report on the same day is named 91042802.RPT, and so on. 


Reports generated automatically are stored in the C:\TRREPORT 
directory. 


Saving a Report to Disk 


You can save a report to preserve the statistics generated during a 
monitoring session. 
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LON 

CS 1 
2. 
3. 
4. 
5: 


To save a report to disk: 


Load the desired report script. 
Move to Print, then to File, and press the Spacebar. 


To save the report in the normal file format, make sure that an 
x displays to the left of the Delimited format option. To save 
the report in CSV format, make sure that a V mark appears to 
the left of the option. If necessary, press the Spacebar to toggle 
the setting of Delimited format. 


Move back to Print and press Enter to display the dialog box. 


Type a filename without the extension and press Enter. 


The monitor saves the report to the server's C:\TRREPORT directory 
and appends the extension RPT or CSV to its filename, depending on 
the file format. 


Creating or Modifying a Report Script 


If existing report scripts do not meet your needs, you can create a new 
report script or modify an existing script. For example, to replace the 
“Bytes” column in the TALKERS report script with “Frames,” simply 
change the column heading and the associated code. You can make 

any substitutions you wish in this way to create customized reports. 


The procedure of editing a report script includes the following tasks: 


Clear the contents of an existing report script in the Report 
Script Editor view if one is loaded. 


Enter text. 
Define which statistics (fields) to include in the report. 


Define which field to use to sort the report, in either ascending 
or descending order. 


Define one or two filters to further refine the report so that the 
report contains only the stations that you are interested in. 


Define the report format. 


Determine the report’s appearance by adding or deleting blank 
lines, or by adding special characters such as horizontal and 
vertical lines. 


Preview the report. 


Save and rename the report script for future use. 
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PON 
CY 


To display a blank report script: 


1. 


Select the Edit option in the Report menu. 
Have you loaded a report script? 


If yes, the script appears. Follow steps 2 through 4 to clear the 
script. 


If no, a blank report script appears in the Report Script Editor 
view. Go to the next procedure to start editing a report script. 


To clear an existing report script, press F6 (Edit options). The 
edit options appear. 


Move to Clear and press Enter. This message appears: 


Clearing report script. 


4. Press F6 (Return) to display a blank report script. 


To edit the fields in a report script: 


The types of statistics in a report depends on what report fields are 
included in the script. The following procedure shows how to edit the 
fields. The TALKERS report script is used as an example. The 
procedure shows just one way to edit a report script. Once a report 
script displays, you can vary the order in which you do various tasks 
or skip those tasks not relevant to your needs. 


1. To define which statistics to include, position the cursor where 


you want the field to appear. Then press F2 (Insert field) to 
display the list of available fields. The screen shown in Figure 
6-13 appears. (For definitions of the report fields, refer to 
Appendix B, “Report Fields.”) 


Move to the first field you want to display and press Enter. It is 
recommended that you include the server’s NetBIOS name 
(SrvrName under the heading, “Global”) in the report script. In 
this way, when you print out the report from the console, you 
can identify the server that generated the report. 


Some of the fields provide several options for you to further 
customize the field. For example, after you select the % Usage 
field, a window appears, which contains Absolute and 
Relative. These options correspond to the absolute and relative 
percentage of network usage. Use the cursor keys to move to 
the appropriate option and press Enter. 


A code (for example, @ss@) appears on the screen. When the 
monitor compiles the report, it automatically substitutes a 
value for that code. 
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-REPORT SCRIPT EDITOR: 


FD EL DS 
Station From To Both 


Global Errors 


SrvrAddr State Sort Pos Partner Partner Partner 
Stations Oversize Address % Usage % Usage % Usage 
% Usage Purges Name Frames Frames Frames 
Frames SoftErrs Status Errors Errors 
Hist Stn Bytes Bytes Bytes 
Text Avg Size Avg Size Avg Size 
CSV Ret First First First 
Last Last Last 
Elapsed Elapsed Elapsed 
History History History 


CurrTine 
FrmSizes 


Figure 6-13. Report fields that can be inserted into a report script. 


3. Position the cursor for the next field, with at least one space 
after the previous field. Also, be sure that the end of the field 
does not exceed the end of the line. 


4. Press F2, select the second field you want to display, and press 
Enter. (For the Talkers report, you would select Name under 
the heading Station). 


Repeat steps 2, 3, and 4 until you have defined all the fields. 


5. To enter text, use the cursor keys to move the cursor to the 
desired place and start typing. For example, you might want to 
enter explanatory text or headers for the fields you selected. 
The upper-right corner identifies the cursor position by row 
and column to help you place the cursor precisely. The DEL 
key deletes the current character. The Ins (Insert) key inserts 
characters; if you have not pressed Ins, the character you type 
overwrites the current one. 


Figure 6-14 shows the codes for the fields of the TALKERS 
report and the explanatory text. Each report script can contain 
up to 58 lines. 


When you enter the @ symbol in your report, the monitor 
displays @@ to differentiate your input from the keyboard 
from the @ symbols used as delimiters in the field codes. When 
you send the report to the printer, the report correctly prints 
the @ sign you typed. 
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-REPORT SCRIPT EDITOR---——————TALKERS . SCR: 
Server: @GSERVER ADDR. .¢ 


Top 18 Talkers 
This report provides statistics for the 18 stations which have 
transmitted the most traffic. The stations are sorted by bytes 
transmitted. 
Monitoring Started: @GMON START...@ Total Stations: 
Monitoring Stopped:  eGMON END 
Elapsed Time: eGMON ACTIVE @ 


Report Generated: eGCURRENT TIMEe 


Bytes Errors Size 


e@ @FERe eFAYe  eFUREe@ 


1 2Insert§i3Insert#i4Delete—s 6 Edit ii/ BRepeat §9Screen 
Help § field™ line™f line™f Menus fMfoptions™. Chars charg test 


Figure 6-14. Talkers report script. 


KO To sort and filter statistics in a report: 


1. When the Report Script Editor view is displayed, press F6 (Edit 
options). A list of edit options appears. 


2. Move to Report settings, and then to Sort by to display the sort 
options. A display as shown in Figure 6-15 appears. 
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REPORT SCRIPT EDITOR—--—————TALKERS . SCR 


From 
Both 


Ascending 
Descending 


Report settings Name 

Sa Partner's name 
x Active stns only Ring order 

x Inserted stns only Frames 

Errors 

x Delimited format Bytes 

Average size 

ore! ore! 

Select the field by which the stations will be sorted. 


==Use the arrow keys to move around in the menu 


5 BG 
Menus Return 


Figure 6-15. Options for sorting statistics in a report. 


Follow these steps to specify how the statistics are sorted: 


a. Move toand select the To, From, or Both option by pressing 
the Spacebar. This option is applicable if the sort key (to be 
selected in step c) is related to the traffic direction. For 
example, if the sort key is Frames, the To, From, or Both 
option determines whether frames sent to, received by, or 
both, are used as the sort key. If the sort key is Name, this 
option does not affect how the stations are sorted. 


For the TALKERS report, select the From option to sort the 
stations according to the amount of traffic from the stations. 


b. Move to and select either Ascending or Descending to 
select the sort order. 


For the TALKERS report, select the Descending option. 
c. Move into the list of sort keys and press the Spacebar. 
For the TALKERS report, select Bytes. 


As a result of these specifications, the Talkers report displays 
the stations that transmit the most bytes in descending order. 


3. Choose the type of station to be included in the report: 


a. To include only the stations that have sent or received 
frames, select the Active stn only option for Report 
settings. A V mark preceding the option indicates that it is 
selected. An x mark indicates that it is not selected. If the 
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option is not selected, every station, regardless of whether 
it has received or sent traffic, is included. 


To include only the inserted station, select Inserted stns 
only. A V mark preceding the option indicates that it is 
selected. An x mark indicates that it is not selected. A 
station whose station status is active monitor, standby 
monitor, or snooper is considered an inserted station. 


4. Select filters to limit the stations to be displayed in the report. 
Follow either of these steps to choose the filter, depending on 
the number of filters you need: 


To use one filter, move to Filter 1. If necessary, press the 
Spacebar to display the V mark. Then move to Filter 2. If 
necessary, press the Spacebar to display the x mark to 
disable the second filter. 


If you want to use a second filter, decide whether you want 
the statistics to pass either filter or both filters, and select the 
appropriate operator option (OR or AND). Then move to 
Filter 2 and make sure it is selected (that is, aV mark should 
precede the Filter 2 option). 


If you select two filters with the AND option, the station 
must fulfill the conditions defined by both filters to be 
included in the report. If you select the OR option, the 
station is displayed if it meets the conditions of either filter. 


To specify the conditions for a filter, move to the panel to the 


right of the Filter option. There are two lists on the panel. 
Follow these steps to select the items on the lists: 


a. 


You can limit the stations to be included in the report based 
on any of these criteria: Sort Position, Name, Partner's 
name, Frames, Errors, Bytes, Average size, First activity, 
Last activity, Elapsed activity, Address, Absolute usage, 
and Relative usage. They are shown in the second list on 
the panel. 


For example, you can specify that the station be included 
only if its average frame size is between 100 and 1,000. 


To specify a criterion, follow these steps: 


1) Move to the desired item on the second list and press 
Enter. A dialog box appears. The dialog box shows the 
default minimum and maximum values. 


2) Move to the value you want to modify, then press Enter. 
Another dialog box appears. 


3) Type the desired value and then press Enter. The dialog 
box with the values that you set appears. Press Esc or F6 
to return to the menu. 
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(For the Talkers report, you would select the Sort Position 
as Filter 1 and specify a minimum value of 1 anda 
maximum value of 10 to include the top 10 users.) 


The first list determines the direction of traffic to which the 
criterion you specified in step a applies. If you specified 
Frames in step a, determine whether this condition should 
apply to the traffic from or to the station, or the traffic in 
both directions. For example, you can specify that the 
monitor count only the stations transmitting frames whose 
average size is between 100 and 1,000 bytes. 


To specify the direction, move to To, From, or Both in the 
first list. Then press the Spacebar. 


After changing a filter value, immediately press Cursor Left 
to return to the Filter 1 option. This ensures that you do not 
accidentally change the new value by viewing other filter 
values. 


If you are specifying two filters, repeat this step for the second 
filter. 


To define a report's file format: 


In the Report settings menu, press the Spacebar to enable or disable 
the Delimited format option. (If the Main Menu is currently 

displayed, go to the Report\Edit menu to set the Delimited format 
option.) 


To refine a report’s appearance : 


i. 


Add or delete blank lines or special characters like up, down, 
right, or left ruling lines. 


a. 


To add or delete lines, use the F3 (Insert line) or F4 (Delete 
line) keys. 


. To add headers, use the cursor keys to position the cursor 


above the fields you want to describe. Then type in the text. 


To add special characters, press F7 (Chars) to display a list 
of available characters. Move to the desired character and 
press Enter. To repeat the character, use the cursor keys to 
position the cursor on the character and press F8 (Repeat 
chars) to make a continuous line or other special display. 


To see how the report will appear with statistics, press F9 
(Screen test). 


Press Esc to return to the script. You can now make any 
additional changes to the report script. 
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To print or save the report, press F6 (Edit options). A list of edit 
options appears. Move to Print, and then either designate a printer or 
choose File. (See “Printing a Report Manually” on page 6-18 and 
“Saving a Report to Disk” on page 6-20 for a description of the 
associated options.) 


Recommendations on Report Editing 


The following is a list of recommendations that might help you edit a 
® report script: 


If you are modifying an existing report script, remember to edit 
the text preceding the statistics after you set up the fields so 
that the text correctly describes the report. 


When you view the statistics, it would be helpful if the sort key 
is consistent with one of the fields included in the report script. 


For example, the LISTENRS report script includes the TBYTE 
field, which represents the number of bytes sent to each of the 
stations in the report. It is recommended that you sort the 
statistics using the To option. In this way, the statistics 
represented by TBYTE are sorted in descending or ascending 
order, depending on your choice. 


If you sort the statistics using the From option, the stations are 
arranged according to the amount of traffic transmitted. This 
makes the report hard to read because none of the statistics in 
the report are related to transmissions. 


Use the AND operator carefully if you are defining two filters. 
When used correctly, it can eliminate the stations that you are 
not interested in. However, it may yield unexpected results if 
you inadvertently define conflicting conditions for the filters. 


The following are examples showing how the filters interact 
with the AND operator for the LISTENRS report script: 


Example 1 


For filter 1, To and Average size are selected. The minimum 
and maximum frame sizes are 0 and 500, respectively. 


For filter 2, To and Errors are selected. The minimum and 
maximum numbers of errors are 1 and 65,535, respectively. 


The report generated by the LISTENRS report script counts 
only the stations that have received frames whose average size 
is 500 bytes or less and that have received between 1 and 65,535 
error frames. You are eliminating the stations that have not 
transmitted error frames as well as the stations that transmit 
large frames. 
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Example 2 
Filter 1 has the same conditions as in Example 1. 


For filter 2, To and Average size are selected. The minimum 
frame size is 600; the maximum is a value that is greater than 
600 (for example, 1,000). 


The report generated by the LISTENRS report script contains 
no statistics because no station can meet the criteria defined by 
these filters. That is, no station can receive frames whose 
average size is 500 bytes or less and 600 bytes or more. 


Example 3 


For filter 1, Sort position is selected. The minimum and 
maximum values are 1 and 5, respectively. 


For filter 2, To and Errors are selected. The minimum and 
maximum numbers of errors are 100 and 500, respectively. 


The report generated by the LISTENRS report script would 
probably contain no statistics. If the statistics are sorted by the 
frames received by the stations, a station is displayed only if it 
is one of the top 5 stations that receive most traffic and it has 
transmitted between 100 and 500 error frames. 


Saving a Report Script 


When you finish editing a report script, you can save that script for 
future use. The original script you used as a basis is not changed; 
instead, you save the edited version under a new name. 


To save a report script: 


1. With the report script displayed, press F6 (Report Options), 


move to Save, and press Enter. 


In the dialog box that appears, type the report script name and 
press Enter. 


The monitor saves the report script and assigns it the extension 
SCR. The next time you try to load a report script, this script 
appears on the list of scripts available. 
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General 


Chapter 7. Establishing a Baseline for Your 
Network 


Chapter Overview 


Determining what is wrong with the network is much easier when 
you are familiar with typical network patterns before a problem 
occurs. Significant deviations from these patterns often indicate a 
problem. To decide whether such deviations exist, do the following: 


* Name the stations on the network. 


For further information on how to name stations, refer to 
Chapter 4, “Managing the Station Data Files.” 


* Become familiar with normal traffic patterns. 


This chapter describes the tests that produce results to be used as a 
baseline for your network. It does not, however, provide detailed 
interpretation of statistical displays and views generated by the 
monitor. This information is provided in Chapter 9, “The Monitor 
Menu Items.” 


The procedures in this chapter assume that you already know how to 
move through menus, select options, and define values. 


Gathering History Statistics 


fs Ny To establish a picture of typical network traffic patterns: 


SY 1. Monitor all stations at 30-minute history intervals over a period 
of time, between one day to one week. 


Longer intervals like 30 minutes are often more meaningful 
because they reduce the effects of short-term fluctuations. 


2. Select Global history in the Display menu to look at the Global 
History Statistics view. The statistics allow you to analyze the 
network usage during various time periods. 


Alternatively, enable the Log to disk option in the History menu. The 
file HISTORY.LOG is created in the server’s C:\TRHIST directory, 
which stores the statistics in the Global History Statistics view. You 
can transfer the file to the console and then print it out. For more 
information on file transfer between the server and the console, refer 
to the Distributed Sniffer System: Installation and Operations Manual. 


It might be useful to log history statistics at different times of the year 
to discern network usage patterns. For example, you might want to 
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know whether network traffic is heavier toward the end of each fiscal 
quarter within your organization. 


To display history statistics for a particular station: 


1. After monitoring the network over a period of time, select Stn 
in the History menu. 


2. From the station list, select a station for which history statistics 
will be displayed. 


3. Select Station history in the Display menu to lookat the history 
statistics for the selected station. 


When you display a station’s history statistics, you can specify 
whether the statistics are compiled according to the amount of traffic 
received or transmitted by the station, or both. 


In most cases, use the Both option to show a more accurate picture of 
network activity. With this option, the monitor displays history 
statistics that reflect the traffic to and from the station. You can use 
this information to balance the load among network stations. 


The From option is useful when you display or sort by errors. It 
provides the most accurate picture of which stations are transmitting 
soft error report frames. The To option might be useful for comparing 
the sizes of frames sent to the file servers to those transmitted by the 
file servers. 


To generate a history report for a particular station: 


To maintain a permanent record of the history statistics for a 
particular station, create a report script and generate a report for these 
statistics. 


For example, if ServerA generates the most traffic on the network, you 
might want to know its network usage at different times of the day 
over a period of time (for example, a week). To generate a history 
report for ServerA, follow these steps: 


1. Select Edit in the Report menu to display a blank report. 
2. Enter text that describes the content of the report. 


3. Insert fields such as the current time, frames from and to 
ServerA, absolute network usage, and error frames. 


4. Press Fé to display the edit options. 


5. Select Report settings to set Filter 1. Select Name to limit the 
report to ServerA. (That is, set both the minimum and 
maximum values of Name to “ServerA.”) Make sure that Filter 
2 is disabled. 


6. Select Save to save the script under a filename of your choice. 
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Es 


Select Auto print to print the report to a single file on the disk 
every hour. Set Start time to a time when you want the monitor 
to start printing the report. 


Enable the Restart monitor option so that the monitor starts a 
new monitoring session each time it prints the report to the 
disk. 


After monitoring the network for a week, print out the file that 
contains the report. The report consists of the hourly history statistics 
for ServerA in the past week. You can now see the traffic patterns of 
this server at different times of the day. 


Protocol-Specific Station Tests 


It is useful to test protocols to which each station responds so that 
when connectivity problems occur in the future, you know which 
station normally responds to a particular type of test frame. 


To perform a protocol-specific station test: 


He 2" BS 


Stop monitoring. 
Select Station test. 
Choose a station from the station list. 


Select the protocol with which you want to test the selected 
station. The available protocols are MAC, IEEE 802.2, NetWare, 
and NetBIOS. (The NetWare option is available only if the 
server uses the IPX protocol.) 


The monitor displays a message indicating whether the station 
responded. If you started a NetBIOS station test and the station 
responded, the Network Adapter Status screen appears. An 
example of this screen is shown in Figure 7-1. 


Record the test result. 
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Station Address: @2@7183A6DC Version: 8x8223 Minutes Active: 4159 


Traffic Statistics Station Resources 


Rejected Receives Free Command Blocks 
Rejected Transmissions Max. Free Command Blocks 
Receive Errors Max. Configured NCB 
Successful Receives 1, 933,32 Pending Sessions 

Aborted Transmissions 7 Max. Pending Sessions 
Transmission Errors ) Pending Sessions 


Successful Transmits 1,933,325 Max. Data Packet Size 
Response Timer Expired g Number of Local Names 


Name Table 
NGCT787444 


Figure 7-1. Sample Network Adapter Status screen. 


Examining Typical Frame Size Distributions 


It is useful to know the typical frame size patterns on the network. 
Suppose a majority of the frames on your network typically fall in the 
range between 33 and 64 bytes. After you installed a new network 
application (for example, a file transfer program), most frames now 
fall in the range between 2,049 and 4,096 bytes. This change indicates 
that the introduction of the program had an impact on network traffic. 
This information can help you decide whether modification of the 
network configuration is required. 


To examine the frame size distribution, monitor the network over a 
period of time. Then select Frame sizes in the Display menu to look at 
the Frame Size view. If you want to look at the frame size distribution 
over a period of time, generate reports based on FRAMSIZE.SCR 


regularly. 
If you want to know the average frame size for each station, select All 


stations in the Display menu. Specify that the statistics be sorted by 
the average frame size. 
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Examining the Transmit Timer 


With the access control scheme on a token ring network, a token is 
always in circulation. If a message is already on its way from one 
station to another, the token is set as a busy token. A station must first 
get a free token before it can transmit on the network. 


The time a station needs to wait for a free token before transmitting a 
frame is longer as the network becomes busier. The transmit timer on 
the monitor indicates the length of time between two frames sent to 
the network, one after another. 


It is recommended that you record the length of the waiting time 
during normal and peak hours. In the future, if you notice that the 
waiting time has become significantly longer, you might want to 
consider changing the network configuration to speed up the 
transmission process. For example, you might want to divide one 
network segment into two or three segments. 


To examine the transmit timer, stop the monitoring session and then 
select Transmit Timer on the Main Menu. A screen display shows the 
amount of time the monitor waits between the transmission of two 
frames. The time is measured in milliseconds. 
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Network 
General 


Chapter 8. The Monitor Data Files 


Chapter Overview 


Data Files 


STARTUP.TRA 


This chapter describes data files on the Sniffer server that are used by 
the monitor. Some of the files are shipped with the product; some are 
created when you execute particular commands in the monitor’s 
menus. This chapter, however, does not describe those files that are 
used exclusively for the operation of the monitor and that you would 
not typically view in DOS. 


The following list shows the different directories that contain the data 
files: 


C:\TRSNIFF STARTUP.TRA 
STARTUP.TRD 
STARTUP.TRI 
STARTUP.TRT 
C:\TRALARMS ALARM.LOG 
C:\TRHIST HISTORY.LOG 
HISTORY.CSV 
C:\TRREPORT * RPT 


C:\TRREPORT\SCRIPTS * SCR 


The monitor creates duplicates of the STARTUP.TRA and 
STARTUP.TRD files when you change these files for the first time 
after starting the monitor. The duplicates are called BACKUP.TRA 
and BACKUP.TRD, respectively. As a result, you can return to the 
previous version of the data files. 


The STARTUP.TRD and STARTUP.TRI files are also used by the 
analyzer if it is available on the server. 


File type: ASCII. 


Content: Station addresses and alarm thresholds. This file is not 
shipped with the monitor; instead, it is created during 
the first monitoring session, when the monitor adds 
any named stations to this file and assigns them the 
default alarm thresholds. 
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STARTUP.TRD 


> 


STARTUP.TRI 


Read: 
Written: 


File type: 


Content: 


Read: 


Written: 


The following is an example of an entry: 


station C00000000001 alarms (usage 20%, badpkts 5, 
idle 1 mins, norsp 7 secs, priority 1) 


When you start a monitoring session. 


When you exit the Manage Station Information view 
after making changes. 


ASCII. 


Station names and addresses. You can enter station 
names automatically (if you use NetBIOS), with the 
Manage Stations Information view, or with a text 
editor. 


The following is an example of an entry: 
station “NetBIOS” = c00000000080 


When you start a monitoring session. It is also read by 
the Sniffer analyzer if you use the analysis function. 


When you use the Probe for names function to add 
station names. 


When you exit the Manage Station Information view 
after editing names. 


When you edit the file with a text editor. 


You cannot delete the broadcast address, cOOOffffffff, from this file. 
You can, however, change the name for this address. The default 
name is Broadcast. 


File type: 


Content: 


ASCII. 


Vendor addresses, each of which makes up the first six 
hexadecimal numbers of a station’s address. The 
monitor is shipped with a set of addresses in 
STARTUP.TRI. The following is an example of an 
entry: 


manuf “Vtalnk” = 48007c 
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STARTUP.TRT 


Read: 


Written: 


STARTUP.TRT 


File type: 


Content: 


Read: 
Written: 


ALARM.LOG 


File type: 


Content: 
Read: 
Written: 


If a monitor display includes the station whose 
address is, for example, 48007c123456, the monitor 
displays “Vtalnk123456” instead of the 12 
hexadecimal digits. 


The maximum number of entries is 225. 


When you start the monitor. It is also read by the 
analyzer if you use its analysis function. 


When you save changes made with a text editor. (The 
monitor does not automatically change this file.) 


ASCII. 


SAP values in hexadecimal numbers. The monitor is 
shipped with default SAP values in STARTUP.TRT. 
You can assign more than one SAP value to a protocol 
type as shown in these examples: 


sap “SNA” = 04 
sap “SNA” = 08 


The maximum number of entries is 32; the maximum 
number of SAP labels is 16. 


When you start the monitor. 


When you save changes made with a text editor. (The 
monitor does not automatically change this file.) 


ASCII. 
Alarms in the monitor’s alarm buffer. 
When you use a word processor to read the file. 


The monitor saves alarms from the alarm buffer to the 
file if you enable the File option in the Alarm\Log to 
menu is enabled. 


HISTORY.LOG and HISTORY.CSV 


The monitor saves history statistics to C:\TRHIST \ HISTORY.LOG if 
you do not specify the delimited (spreadsheet-compatible) format; it 
saves the statistics to C:\ TRHIST\HISTORY.CSV if you choose the 
delimited format. 
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* CSV and *.RPT 


*SCR 


File type: ASCIL 

Content: Global history statistics. 

Read: When you use a text editor to read the file. 

Written: The monitor saves global history statistics regularly to 


the file if you enable the Log to disk option in the 
History menu. 


The *.CSV and *.RPT files are reports stored in the C:\TRREPORT 
directory. Figure 8-1 lists the different forms of filenames. 


Report Format Generated Generated 
Automatically Manually 
Delimited ARYYMMDD.CSV or | FILENAME.CSV 
YYMMDDNN.CSV 
Not delimited ARYYMMDD.RPT or | FILENAME.RPT 
YYMMDDNN.CSV 


Figure 8-1. Filenames in the C:\ TRREPORT directory. 


You specify FILENAME when you manually generate the report. If 
the monitor generates the report automatically, the filename indicates 
the file creation date. 


File type: ASCII. 

Content: The report generated. 

Read: When you use a text editor to open it. 

Written: When a report is automatically or manually 
generated. 


There are several report script files under the 
C:\TRREPORT\SCRIPTS directory (for example, HISTORY.SCR, 
ERRORS.SCR). 


File type: Binary. 

Content: Report script that the monitor uses as a template when 
generating a report. 

Read: When you choose Load in the Report menu. 

Written: When you choose Save in the Report menu. 
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Chapter 9. The Monitor Menu Items 


Chapter Overview 


Transmit Timer 


This chapter describes each menu item in the order it appears in the 
monitor’s Main Menu, along with any associated options. For options 
that display additional information, such as the Global Statistics view 
associated with the Display option, there is also an explanation of 
each item in the view. 


This chapter does not discuss the use of function keys in each view 
(for example, F9 for freezing the screen). It assumes that you have 
learned how to use the function keys from the previous chapters. 


Generates the Transmit Wait Time view, which shows the amount of 
time the monitor takes to acquire the token before each transmission. 
Select Transmit Timer only when the monitor is not monitoring. 
Figure 9-1 is an example of the Transmit Wait Time view. 


TRANSMIT WAIT TIME: 


Current Transmit Wait Time: 24.2 milliseconds 


W 
a 
i 
t 
T 
i 
n 
@ 


D / Scale™i8 Scalefi9Freeze 
Menus up down fidisplay 


Figure 9-1. Transmit Wait Time view. 
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Station Test 


The following list explains the terms used in the display: 


* Current Transmit Wait Time is the amount of time in 
milliseconds that the monitor waited to acquire the token for 
the most recent transmission. 


* Wait Time is used on the vertical axis of the bar graph. It 
indicates the amount of time in milliseconds that the monitor 
waited to acquire the token for each transmission in the past 60 
seconds. The monitor transmits 20 frames per second and 
averages the wait times. The time intervals are marked on the 
horizontal axis of the graph. 


Tests for station response, using the protocols listed below. 


If the station responds to a NetBIOS test frame, the Network Adapter 
Status screen appears. Refer to Figure 7—1 for an example. 


If you use other protocols, the monitor displays a message similar to 
the following to indicate that the station responded: 


File Server responded. 


Options 
To = Displays the name or address of the station to be 
tested. If you press Enter after selecting this option, a 
list appears. Choose the station you want to test. To 
move through the list quickly, type the first character 
of the station’s name. 
MAC Sends a test frame at the MAC level. 
IEEE 802.2 Sends an 802.2 test frame. 
NetWare Performs a NetWare configuration request command. 
This option appears only on a server that is equipped 
with the IPX protocol stack. 
NetBIOS Performs a NetBIOS remote status request command. 
—_ The monitor can perform a station test using the NetWare or NetBIOS 
protocol when it is monitoring the network. You must, however, stop 
the monitor before initiating a station test for the MAC or IEEE 802.2 
protocol. 
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Monitor Filters 


Monitor Filters 


Options 


History 


Options 


Determines which stations and which types of frames are to be 
monitored. You can change the settings of Monitor filters only when 
the monitor is not monitoring. 


All stations Monitors all stations. 


Stn = Displays the name or address of the station to be 
monitored. If you press Enter when this option is 
selected, a station list appears. Choose the station you 
want to monitor. To move through the list quickly, 
type the first character of the station’s name. 


Allframes = Monitors both LLC and MAC frames. 

LLC frames Monitors only LLC frames. 

MAC frames Monitors only MAC frames. 

By default, Monitor filters is set to All stations and All frames. 


Specifies the history interval and designates a station for which 
history statistics are collected. The history interval determines how 
often the monitor records history statistics. The total number of 
intervals is 1,750. 


Changing the setting of a History option erases any previous history 
statistics in memory. To save them, generate a report or log history 
statistics to disk. 


Stn Displays the name of a station for which the monitor 
collects statistics. If you press Enter when this option 
is selected, a station list appears for you to choose a 
station. To move through the list quickly, type the first 
character of the station’s name. 


Intrvl Specifies the length of a time interval during which the 
monitor accumulates statistics. It also affects when the 
monitor starts collecting history statistics, as 
explained in Figure 9-2. 


To specify the value, press Enter to display a dialog 
box. Specify the time in the hh:mm:ss format. The value 
can range from 5 seconds to 24 hours. 
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Align history Ifitis not selected, the monitor starts collecting history 
statistics immediately. 


If it is selected, the monitor starts collecting history 
statistics on the next interval boundary. For example, 
if you set Intrvl to 10 minutes and the current time is 
02:21:00, the monitor starts collecting statistics at 
02:30:00. Figure 9-2 describes how the value of Intrvl 
affects the time the monitor starts history statistics 
collection. 


If Intrvl is setto... | History statistics collection starts at... 


Any number of hours | Beginning of the next hour. 
(for example, 1, 2) 


5, 10, 15, 20, or 30 Next specified boundary. For example, if 
minutes the current time is 05:13:00 and you set 

Intrvl to 30 minutes, statistics collection 
starts at 05:30:00. 


Any number of minutes 
other than the ones 
described above 


Beginning of the next minute. For 
example, if the current time is 05:13:00 

and you set Intrvl to 2 minutes, statistics 
collection starts at 05:14:00. 


5, 10, 15, 20, or 30 


Next specified boundary. For example, if 
seconds 


the current time is 05:13:25, and you set 
Intrvl to 15 seconds, statistics collection 
starts at 05:13:30. 


Any value other than Immediately. 
the ones described 
above 


Figure 9-2. Relationship between Intrvl and history alignment. 


Log to disk | Whenselected, this option writes global history 
statistics at each history interval to a file on disk 
named HISTORY.LOG, which is in the C:\TRHIST 
directory. At midnight, this file is renamed to 
GHYYMMDD.LOG (YYMMDD represents the year, 
month, and day). The monitor then clears the contents 
of HISTORY.LOG so that it can store to this file the 
history statistics for the next day. (If the file is in 
delimited format, the file extension is CSV instead of 
LOG.) 
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Display 


Display 


Options 


When Delimited format is selected, the file’s format is 
compatible with spreadsheet applications. That is, 
embedded commas within numbers are eliminated, 
and the fields are separated from each other by 
commas. The name of the file is HISTORY.CSV. 


Both HISTORY.LOG and HISTORY.CSV contain the 
same information as shown in the numeric Global 
History Statistics view. 


By default, Stn is set to Broadcast and Intrvl to 00:15:00. Align history 
is selected, but Log to disk is not. 


Display generates a variety of screens containing network statistics. 
Each display is called a “view.” The exact information in each view 
depends on the options you choose. All views include the current date 
and time in the upper-right corner of the screen. 


The following is a list of options for Display, which allow you to 
specify the type of view to be generated: 


Global statistics Displays traffic statistics for the network as 
a whole. 

Single station Displays traffic statistics for a specific 
station. 

All stations Displays selected statistics, sorted 
according to your specifications, for all 
stations. 

Frame sizes Displays a distribution of frame sizes. 

Routing info Displays statistics on routed frames. 


SAP protocol types Displays the numbers of frames or bytes 
according to the type of SAP. 


Alarm log Displays a list of alarms generated in the 
current monitoring session that have not 
been cleared. 


Global history Displays a history of activity for the entire 
network. 

Station history Displays a history of activity for a specific 
station. 
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Except for Frame sizes and Alarm log, you can determine how these 
options display the statistics (for example, in numeric or graphic 
format). The following subsections describe the views generated by 
these options. 


The Class option specifies whether the statistics in a view are based 
on the frames sent to the station, from the station, or both. This option 
applies when you display a single station (in the graphic format), all 
stations, or station history. 


The Network Usage option specifies whether the statistics are 
absolute (a portion of the total network capacity) or relative (a portion 
of the total network traffic). This option applies when you display a 
single station, all stations, or station history. 


Display Global Statistics 


Options 


The Global Statistics view provides a high-level view of network 
activity for all stations for the current monitoring session. 


Numeric Displays global statistics as columns of numbers, 
including updated traffic counts, error counts, and 
timestamps. Numeric is the default setting. 


Graphic Displays traffic counts in the top portion and a graph 
of absolute network usage over a 60-second period in 
the bottom portion. 


Global Statistics in Numeric Format 


Figure 9-3 is an example of a Global Statistics view in the numeric 
format. 


Display 


LOBAL STAT IST ]CS—AA_A_-_--____Orct. 82 17:84:59 


Maximum Inserted Stns 
Total Stations 
Average Usage 

Total Frames 

Total Bytes 

Avg Frame Size 


Error Counts 


Ring State Operating Normally Monitor Started Oct 82 17:04:44 
Monitor Active 9 day(s) 20:00:15 


Oversized Frames 
Ring Purges 
Soft Error Reports 


Traffic Counts 


Current Inserted Stns 
Active Stations 
Current Usage 

Current Frames 
Current Bytes 

Avg Frame Size 


Timestamps 


First Activity Oct £2 17:04:45 
Last Activity Oct #2 17:04:59 
Network Active 8 day(s) 00:00:14 


“a 6Disply 9Freeze—il@ Stop 
Menus [options displayfimonitor 


Figure 9-3. Global statistics view (numeric format). 


Traffic Counts 


The Traffic Counts column is divided into two parts. 


The following list explains the terms in the left column. All the 
statistics in this column have been accumulated since the current 
monitoring session started. 


Maximum Inserted Stns Highest number of inserted stations at one 


Total Stations 


Average Usage 


Total Frames 
Total Bytes 


Avg Frame Size 


time in the current monitoring session. An 
inserted station is one whose status is active 
monitor, standby monitor, or snooper. For 
further information on station status, refer 
to “All Stations Statistics in Numeric 
Format” on page 9-18. 


Number of stations that have transmitted in 
the current monitoring session. This 
number is equal to or greater than 
Maximum Inserted Stns. 


Average utilization of the network’s 
capacity. 


Total number of frames transmitted. 
Total number of bytes transmitted. 


Average size of transmitted frames (that is, 
total bytes divided by total frames). 
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The following list explains the terms in the right column. All the 
statistics in this column pertain to the last second: 


Current Inserted Stns 


Active Stations 


Current Usage 
Current Frames 
Current Bytes 


Avg Frame Size 


Error Counts 


Number of inserted stations. 


Number of stations that have transmitted 
frames of any type. 


Utilization of the network’s capacity. 
Number of frames transmitted. 
Number of bytes transmitted. 


Average size of transmitted frames (that is, 
current bytes divided by current frames). 


The Error Counts column shows the overall condition of the network 
and the numbers of errors. 


Ring State 


The general condition of the network. The 
following explains the possible messages 
displayed for Ring State: 


“Beaconing” indicates that the network is 
inoperable. A network can be in the 
beaconing state because of a physical break 
in the token ring or a time-out during 
monitor contention. 


“Monitor Contention” indicates that the 
network is in the process of selecting a new 
active monitor. This happens when the 
current active monitor has not received its 
Ring Purge MAC frame within one second 
of its transmission. 


“No Receive Signal” indicates that the 
monitor receives no signals from the 
network. This happens when the monitor 
station is disconnected from the network. 


“Operating Normally” indicates that the 
network is in normal operation. (That is, an 
active monitor is present, and a token is 
being circulated on the network.) 


“Removed from Ring” indicates that the 
monitor is prevented from entering the 
token ring because the IBM LAN Manager 
program is not configured to allow a 
monitoring device to be present on the 
network. 
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“Ring Purge” indicates that the active 
monitor has sent out a Ring Purge MAC 
frame because it detected that a token has 
been lost. 


“Not monitoring” indicates that the 
monitor is not monitoring the network. 


Oversized Frames Number of frames that exceed 4,608 bytes 
on a 4 Mb/s network or that exceed 18,432 
bytes on a 16 Mb/s network. 

Ring Purges Number of times the active monitor purges 


any circulating information from the ring 
because it has not seen a free token or a 
good frame within 10 milliseconds. 


Soft Error Reports Number of intermittent errors counted and 
reported by the token ring adapters on the 
network. There are different types of soft 
errors. For example, a line error indicates 
that there was an invalid character ina 
frame or token or that there was a checksum 
error in a frame; a lost frame error indicates 
that a station that transmitted a frame failed 
to receive the frame. 


For further information on soft errors and error recovery, refer to the 
TMS380 Adapter Chipset User’s Guide or Token-Ring Network, 
Architecture Reference. 


Timestamps 

Monitor Started Date and time the current monitoring session 
started. 

Monitor Active Length of the current monitoring session. 

First Activity Date and time the first frame was transmitted. 

Last Activity Date and time the most recent frame was 
transmitted. 


Network Active Amount of time between the first and most 
recent frames transmitted. 


Global Statistics in Graphic Format 


Figure 9-4 is an example of a Global Statistics view in the graphic 
format. 
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LOBAL STATISTICS @-————————ct. 82 17:06:52 
Traffic Counts 

Maximum Inserted Stns Current Inserted Stns 

Total Stations Active Stations 

Average Usage 4 Current Usage 

Total Frames : Current Frames 

Total Bytes , 828, Current Bytes 

Avg Frame Size Avg Frame Size 


49 30 
Seconds 


D 6Displu—i/ Scale—i8 Scale—i9Freeze—lid@ Stop 
Menus fMoptions™ up down fidisplausimonitor 


Figure 9-4. Global statistics (graphic format). 


The top portion of the view displays traffic counts identical to those in 
the numeric view. The graph in the bottom portion shows absolute 
network usage (in percentage) over a 60-second period. The graph 
updates at one-second intervals, moving across the view from right to 
left. The current time and date display in the upper-right corner of the 
view. 


Recommendations 


The monitor can display accurate statistics up to certain values. It 
displays “Ovrflw” instead of the numeric value when a statistic has 
exceeded the maximum value. 


The maximum value of Total Frames is 4,294,967,295; the maximum 

® value of Total Bytes is 999,999,999,999. The maximum value of each 
type of error counts is 65,535. Reset the monitor immediately after 
“Ovrflw” appears. This way, you can examine the accurate statistics 
in the Global Statistics view for the current session. 


General 


Display 


Display Single Station 


This view provides a high-level view of current activity for a selected 


station. 
Options 

Stn The name of the station for which the monitor 
displays statistics. If you press Enter after selecting 
this option, a station list appears. Choose a station 
from the list. 

Numeric Displays traffic statistics for the selected station as 
columns of numbers, including transmissions, 
receptions, and both (Figure 9-5). 

Graphic Displays traffic statistics for transmissions, receptions, 


or both, depending on the Class option you choose. 
The graph in the bottom portion shows either absolute 
or relative network usage by the station over a 60- 
second period (Figure 9-6). 


Single Station Statistics in Numeric Format 


Figure 9-5 is an example of the display for a single station. 


ABSOLUTE TRAFFIC STATISTICS-SINGLE STATION————————Occt. 82 17:22:57. 
Traffic TO and FROM Station 
Station: File Server Current Usage 5. 
Status: Active Mon Average Usage 6.53 % 

Total Frames 130, 227 
Last sent to: Alex Zwick Total Errors 24 
Last rcv from: Ken Quinn Total Bytes 35,697,892 
Avg Frane Size 274 


Traffic FROM Station Traffic TO Station 


Current Usage 1.98 % Current Usage 3.28 % 
Average Usage 1.58 % Average Usage 5.02 % 
Total Frames 64,405 Total Frames 65,622 
Total Errors 2 

Total Bytes 8,258,712 Total Bytes 27,447, 188 

Avg Frame Size 128 Avg Frame Size 418 
Start Time Oct @2 17:64:45 Start Time Oct @2 17:04:45 

End Time Oct @2 17:22:57 End Time Oct 22 17:22:57 
Elapsed @ day(s) 08:18:12 Elapsed @ day(s) 00:18:12 


D 6Disply 9Freezefil® Stop 
Menus fifopt ions| displayfimonitor 


Figure 9-5. Single station statistics (numeric format). 


The top portion shows traffic counts for both transmissions and 
receptions for a selected station. The lower-left portion shows counts 
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for transmissions; the lower-right portion shows counts for 


receptions. 


The left column in the top portion displays the following types of 


general information: 


Station Address or name of the station for which statistics 
appear. 


Last sent to Address or name of the station to which the most 
recent frame was transmitted. 


Last rev from Address or name of the station from which the most 
recent frame was received. 


Traffic TO and FROM Station 


Current Usage 


Average Usage 


Total Frames 
Total Errors 


Total Bytes 


Avg Frame Size 


FROM Station 


Current Usage 
Average Usage 


Total Frames 
Total Errors 
Total Bytes 
Avg Frame Size 
Start Time 


End Time 


Elapsed 


Percentage of utilization in the last second for 
both transmissions and receptions. 


Average percentage of utilization for both 
transmissions and receptions in this monitoring 
session. 


Total number of frames transmitted and 
received. 


Total number of soft error report frames 
transmitted. 


Total number of bytes transmitted and received. 


Average size of frames transmitted and received. 


Percentage of network utilization for 
transmissions in the last second. 


Average percentage of utilization for 
transmissions in this monitoring session. 


Total number of frames transmitted. 

Total number of soft error reports transmitted. 
Total number of bytes transmitted. 

Average size of frames transmitted. 

Date and time the first frame was transmitted. 


Date and time the most recent frame was 
transmitted. 


Amount of time between the transmission of the 
first and most recent frames. 
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TO Station 


Current Usage 
Average Usage 


Total Frames 
Total Bytes 
Avg Frame Size 
Start Time 


End Time 


Elapsed 


Percentage of utilization for receptions in the last 
second. 


Average percentage of utilization for receptions 
in this monitoring session. 


Total number of frames received. 

Total number of bytes received. 

Average size of frames received. 

Date and time the first frame was received. 


Date and time the most recent frame was 
received. 


Amount of time between the first and most 
recent frames received. 


Single Station Statistics in Graphic Format 


Figure 9-6 is an example of the display for a single station in the 


graphic format. 


ABSOLUTE TRAFFIC STATISTICS-SINGLE STATION--—————————ct. 2 17:34:24 


Station: File Server Current Usage 
State: Monitor Average Usage 


Last sent to: Jill Franz Total Errors 
Last rcv from: Barney Ingram Total Bytes 


Traffic TO and FROM Station 
27.6 
Total Frames 


Avg Frame Size 


46 32 
Seconds 


Do 6Disply—l”? Scale§i8 Scale—i9Freezelid Stop 
Menus foptions™ up down fidisplayfimonitor 


Figure 9-6. Single station statistics (graphic format). 


The statistics in the top portion of the graphic view are similar to those 
displayed in one of the portions in the numeric view. However, they 
do not always describe the traffic both to and from the station; the 
statistics displayed depend on the Class option you choose. 
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Recommendations 


® 


Display All Stations 


For example, if you choose To for the Class option, the display does 
not include the address or name of the station to which the most 
recent frame was transmitted (the “Last sent to” field). The number 
of errors (the “Total Errors” field) is displayed only if Both or From is 
selected for Class. 


The graph in the bottom portion of the Single Station view (Figure 9— 
6) shows either absolute or relative network usage (in percentage) by 
the station over a 60-second period. The graph updates at one-second 
intervals, moving across the view from right to left. 


If you select Both for the Class option, a bar in the graph representing 
both reception and transmission statistics is made up of two portions. 
The upper portion represents the reception statistics; the lower 
portion represents the transmission statistics. A color monitor 
displays reception statistics in yellow and transmission statistics in 
blue. 


As with the global statistics, the monitor can display accurate statistics 
for a single station up to certain values. If a statistic for both reception 
and transmission exceeds the maximum value, the monitor displays 
“Ovrflw” instead of the numeric value. For example, if Total Frames 
in the Traffic TO and FROM Station column exceeds 4,294,967,295, 
“Ovrflw” appears. 


However, if the number of the transmitted frames or received frames 
exceeds the maximum value, the monitor does not display “Ovrflw.” 
In this case, the numeric value displayed is still inaccurate. 


If you display the numeric view, reset the monitor once “Ovrflw” is 
displayed. If you display the graphic view for transmission or 
reception traffic only, there is no warning about the overflow of the 
frame counts. In this case, it is important that you reset the monitor 
once “Ovrflw” is displayed for Total Frames in the Global Statistics 
view. When Total Frames overflows, it is possible that the frame 
counts for one or more stations are inaccurate. 


This view shows statistics for each station across the network, sorted 
according to your specification. 


Options 
Numeric Displays statistics as columns of numbers, for up 
to 20 stations at a time. You can choose which 
statistics to display (see “ All Stations Statistics in 
Numeric Format” on page 9-18), how to display 
them, and how to sort them. 
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Graphic 


Sort by 


Displays a graph and lists 10 stations at a time. 
Refer to “All Statistics in Graphic Format” later 
in this section for a description of the view.) 


Specifies the order in which the statistics are 
arranged and the key by which the statistics are 
sorted. The options available are described 
below: 


Ascending displays statistics from the lowest to 
the highest, as defined by the sort key. 


Descending displays statistics from the highest 
to the lowest, as defined by the sort key. 


Name sorts the stations by their names. 


Partner’s name sorts the stations by the names of 
their partners. A station’s partner is the last 
station it communicated with. 


Ring order sorts the stations according to the 
order of the stations on the token ring. When 
Ring order is selected, the active monitor is 
displayed first, followed by the standby 
monitors. The standby monitors are arranged in 
such order that each station is followed by its 
upstream neighbor. 


After the standby monitors, the rest of the 
stations are grouped by station status in this 
order: snooper, removed, remote, inactive, and 
group. Refer to “ All Stations Statistics in 
Numeric Format” on page 9-18 for more 
information on station status. 


The monitor displays a warning message if it 
cannot determine the ring order. 


Frames sorts the stations by the number of 
frames transmitted, received, or both. 


Errors sorts the stations by the number of soft 
error frames transmitted. Do not sort by errors if 
the setting of the Class option is To, or an error 
message appears. 


Bytes sorts the stations by the total number of 
bytes transmitted, received, or both. 


Average size sorts the stations by the average 
size of frames transmitted, received, or both. 


9-17 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


All Stations Statistics in Numeric Format 


Active stns only 


Inserted stns only 


Network usage sorts the stations by their 
network usage. The usage percentage might fall 
in the range between 100 and 200 if the class of 
traffic is Both because the monitor counts each 
frame for its source and destination. 


First activity sorts the stations by the date and 
time that the first frame was transmitted or 
received. 


Last activity sorts the stations by the date and 
time that the most recent frame was transmitted 
or received. 


Elapsed activity sorts the stations by the amount 
of time between the first and last activity. 


Displays only stations that have sent or received 
traffic since the beginning of the current 
monitoring session. 


Displays only stations whose station status is 
active monitor, standby monitor, or snooper. 


The numeric view always includes the station names. Other types of 
statistics that can be included are: Partner’s name, Station status, 
Frames, Errors, Bytes, Average size, Network usage, First activity, 
Last activity, and Elapsed activity. 


For definitions of these terms except Station status, refer to the 
description of Sort by earlier in this section. 


Station status refers to the status of the station, which can be one of 


the following: 


Active monitor 


Standby monitor 


Snooper 


Removed 


The station serves as the active monitor, which 
initiates the token transmission and provides the 
soft-error recover facility. 


The station serves as a standby monitor, which 
can detect failures in the active monitor and 
traffic disruptions on the network. A standby 
monitor may become the active monitor if the 
active monitor fails. 


The station is currently sending Trace Tool 
Present frames. (The monitor’s station status is 
snooper; it sends out a Trace Tool Present frame 
every minute.) 


The station was previously inserted but has left 
the ring. 
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Remote The station is on a remote token ring network. 
Inactive The station has never transmitted a frame. 
Group The address is not station-specific. For example, 


it is a broadcast address. 


Network usage shows the relative or absolute usage of the network in 
percentage.The percentage might fall in the range between 100 and 
200 if the class of traffic is Both, because the monitor counts each 
frame for its source and destination. 


Figure 9-7 is an example of a numeric view showing the statistics for 
all stations. 


ABSOLUTE TRAFFIC STATISTICS TO AND FROM STATIONS--——————Octt. #2 17:42:17. 
Station Frames Errs Bytes Size Usage 
File Server 276, 829 73,432,466 266 6.54 
Print Server 191,191 45,529,139 

Denise Martin 19,580 18,011,113 

Mark Ellison 19,801 15,513,678 

Ed Hicks 19,389 2 15,013, 438 

Linus Stanwick 19, 206 14,282,561 

Steven Anderson 19,264 9, 882,593 

William Griffith 19,582 6,884 , 988 

Tom Brown 19,623 6,011,525 

Michael Harley 19,829 4,914,731 

Miles Russell 19,575 2,748, 389 

Barbara Lemmon 19,565 2,707,797 

Bill Goodman 19,619 2,529 , 836 

Barney Ingram 28,825 2,228,957 

Ken Quinn 19,201 2,228, 098 

Alex Zwick 19,715 1,982,862 

Helene Milici 19,558 1,947,276 

George Stanley 19,901 1,796 ,588 

Jill Franz 28, 266 1,725, 288 

Robert Hayes 19,695 1,441,699 


26 : 
il 3 Prevgl4 Nextii5 6Disply 9Freeze—ll® Stop 
Help station—istationf§ Menus foptions displaufimonitor| 


Figure 9-7. Statistics for all stations (numeric format). 
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All Stations Statistics in Graphic Format 


The categories of statistics in the graphic view cannot be changed. For 
example, you cannot display the names of the stations’ partners. 


The bottom portion displays absolute or relative network usage (in 
percentage) for up to 10 stations at a time, sorted by the key you 
selected. 


The top portion shows statistics for the displayed stations as a graph, 
with transmissions, receptions, and both counts appearing in 
different colors or intensities. 


Figure 9-8 is an example of a graphic view showing the statistics for 
all stations. 


+19 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


RELATIVE TRAFFIC STATISTICS TO AND FROM STATIONS--——————ctt. 82 18:82:3 
10 pAb AAA A AA—A AAA —§ dd —— A$ A 


4 


5 6 
Legend: TO FROM BOTH 


File Server : Linus Stanwick 
Print Server ‘ Steven Anderson 
Denise Martin : William Griffith 
Mark Ellison : Tom Brown 

Ed Hicks } Michael Harley 


re 
Me 3 Prev—ld Next—s — 6Displug7 Scale—8 Scale§9Freezefil® Stop 
Help station—istationg Menus fMfoptions™ up down fidisplayffmonitor 


Figure 9-8. Statistics for all stations (graphic format). 


Display Frame Sizes 


Shows how many frames fall into each predefined size category and 
what percentage of frames each size category comprises. Figure 9-9 is 
an example of the Frame Sizes view on a 4 Mb/s network. The size 
categories are different on a monitor running at 16 Mb/s. 


Size Displays the size categories (in bytes) used to classify 
the frames. The minimum frame size is 17. The first 
size category is “Under 17”, which counts the number 
of fragments that are smaller than the minimum size. 


Frames Displays the total number of frames for each size 
category. 
Percent Displays the percentage of frames for each size 


category. The graph illustrates these percentages. 


= 


Display 


FRAME SIZES. 82 18:88:58 


Size Frames Percent @ 20 40 60 34) 100 
Under 17 


2049- 4096 
4097- 4628 
Over 4628 


9 6Disply 9Freeze—ilO Stop 
Menus fifopt ions} displayfimonitor 


Figure 9-9. Frame Sizes view. 


Display Routing Info 


Shows the number of frames routed to and from the local token ring 
network. You can display the Routing Paths view or the Routing 
Lengths view. 


Routing Paths View 


Figure 9-10 is an example of the Routing Paths view. 
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ROUTING PATHS ENDED: Oct. 38 15:5:2! 
Routed frames: 4,756 22.52% 
Non-Routed frames: 16,359 77.47% 


Frames to remote rings 
Local ring 2,158 Remote ring: 


Frames on 10.18% Frames passing 
this local ring through local ring 


16,359 Frames from remote rings 553 
77.47% 1,929 2.61% 


G .00% 
- To broadcast destinations 
- To group/functional destinations 
- To non-transmitting stations 


D 6Disply 9Freezefii@ New 
Menus ffoptions| displayfimonitor| 


Figure 9-10. Routing Paths view. 


The first two lines of the display show the numbers and percentages 
of routed and non-routed frames. A frame’s source address indicates 
whether a frame is routed or non-routed. If the RII bit (bit 0 of byte 0 
in the source address) is 0, the frame is non-routed. For further 
information on source addresses, refer to Token-Ring Network, 
Architecture Reference. 


The rest of the display breaks down the statistics further. It shows the 
numbers and percentages of routed frames between the local network 
and the remote networks. The box named “Local ring” contains the 
number and percentage of non-routed frames. The box named 
“Remote rings” contains the number and percentage of frames that 
pass through the local token ring network from remote networks. 


Between the “Local ring” and “Remote rings” boxes are two types of 
statistics. “Frames to remote rings” shows the number and percentage 
of frames sent from the local network to a remote network. “Frames 
from remote rings” shows the number and percentage of routed 
frames that are destined for the local network. 


The frames sent to “Other” can be any of the following types: 
* Broadcast frames from the local or remote networks 
* Frames that are destined for a group address 


+ Frames that have been sent to non-transmitting stations. 
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Routing Lengths View 


Figure 9-11 shows an example of the Routing Lengths view. 


ROUTING LENGTHS —_____FNDED: Oct. a 15: “ 2 
Length Frames Percent 9 28 49 68 180 


2,484 
1,675 
553 
g 


Vi) 
1 
2 
3 
4 
5 
6 
7 
8 
9 
Vi) 
1 
2 


1 
1 
1 


Over 12 
All Routes 
Other 


i 
iw) 
BHLlLRAKVRARVMAWAa GS 


Total 4,756 22.52 % of all frames on local ring are routed 
D 6Disply SFreezesi@ New 
Menus fifoptions displayfimonitor] 


Figure 9-11. Routing Lengths view. 


The display categorizes the frames according to the length of the 
route. The length is the number of token ring bridges that a frame has 
traversed. In the display, the length can range from 0 to over 12. 


If a frame’s routing length is 0, it means that the frame includes the 
Routing Information field, but the Length Bits in the frame are 0. For 
further information on the Routing Information field and Length Bits, 
refer to Token-Ring Network, Architecture Reference. 


The category “ All Routes” represents the all-routes broadcast frames. 
These frames are sent to all token ring networks that are 
interconnected with the local network by bridges. 


The “Other” category includes these types of frames: 


¢ The number of bridges a frame has traversed cannot be 
determined, and the frame has a destination or source address 
that does not exist on the local network. 


¢ The frame is non-source-routed but it is sent to or received 
from a non-local station. 


The percentages in the display are the percentages of all routed 
frames. The graph illustrates these percentages. 
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Display SAP Protocol Types 


Shows a distribution of protocol types used on the network. The 
options Bytes and Frames determine whether the statistics are 
displayed in bytes or frames. The monitor reads the STARTUP.TRT 
file for the SAP values. 


Figure 9-12 is an example of the Protocol Types (SAPs) view. 


PROTOCOL TYPES (SAPS) Oct. 83 15:28:22 
SAP Bytes ‘Total 6 28 40 60 88 108 


3,646, 953 
2,816, 468 
8,411,349 
271,418 
5,981,558 
2,278, 766 
g 


63.231 
1,860,640 


5 6Disply 9Freeze—l™ Stop 
Menus fopt ions} displaufimonitor} 


Figure 9-12. Protocol Types (SAPs) view. 


The following explains the terms used in the display: 


SAP Protocol type to which the frame being counted 
belongs. 


Bytes / Frames Number of bytes or frames that fall into a 
particular protocol category. 


% Total Percentage of frames or bytes of a particular 
protocol type. The graph illustrates these 
percentages. 


If an LLC frame encapsulates the Ethertype value in the SNAP (Sub- 
Network Access Protocol) header, the monitor treats the frame as a 
frame that uses SNAP regardless of the Ethertype. For example, if the 
monitor detects an LLC frame that encapsulates the Ethertype IP in 
the SNAP header, it increases the byte or frame count under SNAP, 
not IP, in the Protocol Types (SAPs) view. 
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Display Alarm Log 


You are allowed to specify multiple values for a protocol type. For 
example, STARTUP.TRT can contain the following entries: 


sap “SNA” = 04 
sap “SNA” = 08 


When the monitor displays the SAP protocol types, there is one entry 
for SNA. The count under this entry includes all the frames that have 
the SAP value equal to 04 or 08. 


Lists up to 200 alarms generated in the current monitoring session that 
have not been cleared. From the Alarm Log view, you can 
acknowledge an alarm by pressing F3 and clear it by pressing F4. 


Figure 9-13 is an example of the Alarm Log view. 


ALARM. LOG-—-AAADRaaAaAaaa$aa$aa$a ia ct. 83 15:25:44 
Priority Time Source Type/Description Ack 
Critical Oct @3 15:12:10 Global Network Abs usage exceeded 25% 
Warning 122 ile Server or more error reports 
Warning 15:13:43 Print Server 5 or more error reports 
Warning 15:14:11 William Griffith 5 or more error reports 
Warning 15:24:26 Steven Anderson 5 or more error reports 
Warning 15:24:55 Alex Zwick 5 or more error reports 


1 3 Ack §4Clear 95 6Disply 10 Stop 
Help alarm § alarm § Menus fMoptions monitor 


Figure 9-13. Alarm Log view. 


The following list explains the fields in the Alarm Log view: 


Priority Priority level of the network event that triggered 
the alarm. 

Time Time and date the event occurred. 

Source Name of the station that triggered the alarm. 


“Global Network” is displayed if the alarm is a 
global alarm. 


Type/Description Type of event that triggered the alarm. 
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Ack Whether the alarm has been acknowledged 
(indicated by a V mark). 


Display Global History 


Displays a history of activity for the entire network at intervals you 


determine. 

Options 
Numeric Displays history statistics as columns of numbers. 
Graphic Displays the usage of the network in a graph. 


Global History Statistics in Numeric Format 
Figure 9-14 is an example of the Global History Statistics view. 


Time 


Oct 26 16:36:43 17, 468 4,533, 409 
16:34:43 28, 984 7,229,993 
16:32:43 24,326 5,747,665 
16:30:43 22, 886 5,740,709 
16:28:43 24,973 6,687,986 
16:26:43 25, 869 6,382,822 
16:24:43 26, 788 6,407,611 
16:22:43 29, 863 6,571,694 
16:28:43 25,359 6,285,828 
16:18:43 24,168 6,148,575 
16:16:43 26, 289 6,781,264 
16:14:43 26 , 366 6,715,119 
16:12:43 26, 969 6,152,979 
16:18:43 26, 891 6,511,299 
16:88: 43 22,652 5,513,472 
16:86:43 26,378 6,595, 404 
16:84:43 24,485 6,895, 834 
16:82:43 22,415 5,471,446 


monitor 


Figure 9-14. Global history statistics (numeric format). 


The leftmost column of numbers identifies the interval number, with 
the most recently recorded interval at the top of the screen. 


The following list explains the fields in the numeric Global History 
Statistics view: 


Time Date and time of each interval. The date is not 
displayed if it is the same as the one above it. 


Frames Number of frames recorded for each interval. 


cas 


Display 


Errs Number of soft error report frames recorded for each 
interval. 

Bytes Number of bytes recorded for each interval. 

Size Average size of the frames recorded for each interval. 

% Usage Absolute network usage (in percentage) for each 
interval. 


Global History Statistics in Graphic Format 


Figure 9-15 is an example of the graphic Global History Statistics 
view. 


Tine 


Oct 26 16:36:43 
16:34:43 
16:32:43 
16:30:43 
16:28:43 
16:26:43 
16:24:43 
16:22:43 
16:28:43 
16:18:43 
16:16:43 
16:14:43 
16:12:43 
16:18:43 
16:08:43 
16:26:43 
16:04:43 
16:82:43 


3° Views4d Views 6Displugi/ Scale§i8 Scale 10 Stop 
earlier laterf{ Menus foptions™ up down monitor 


Figure 9-15. Global history statistics (graphic format). 


The graphic view contains the interval number, the time, and the 
network usage. The graph illustrates the percentages of network 
usage. 


Display Station History 


Displays a history of activity for a selected station or address at 
intervals you determine. The title identifies the station as well as 
whether statistics represent transmissions, receptions, or both, and 
whether they show absolute or relative network usage. If you do not 
select a station, these statistics are collected for the default address 
(Broadcast). 
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Options 
Numeric Displays station history statistics as columns of 
numbers. 
Graphic Displays station history statistics in a graph. 


Station History Statistics in Numeric Format 


Figure 9-16 is an example of the history statistics view for a station 
named “File Server” in numeric format. The statistics displayed in the 
view pertain to the traffic transmitted or received (or both) by the 
station, depending on the setting of the Class option in the Display 
menu. 


ABSOLUTE HISTORY STATISTICS TO AND FROM File Server-—————ct. 26 16:39:06 
Time Frames  Errs Bytes Size %Usage 


Oct 26 16:38:43 3,825 
16:36:43 19,543 
16:34:43 16,919 
16:32:43 14,263 
16:30:43 13, 286 
16:28:43 14,555 
16:26:43 14,674 
16:24:43 15,689 
16:22:43 14,594 
16:20:43 14,588 
16:18:43 14,230 
16:16:43 15,392 
16:14:43 45,524 
16:12:43 15,719 
16:18:43 15,254 
16:88:43 13,172 
16:66:43 15,284 
16:84:43 14,325 


3 Viewd Views . 6Disply 10 Stop 
earlier laterff Menus fMfoptions monitor} 


Figure 9-16. Station history statistics (numeric format). 


931,393 
2,962,188 
4,437,814 
3,201,848 
3,452,364 
4,179,546 
3,939, 638 
3,772,781 
3,987,243 
3,778 , 333 
3,814,411 
4,395, 863 
4,836,815 
3,773,153 
3,941,129 
3,476,488 
4,876,686 
3,718,778 


AKNrWHBMRHAWANOTH RH WWWMD 


The leftmost column consists of the interval numbers, with the most 
recently recorded interval at the top of the column. 


Time Date and time of each interval. 

Frames Number of frames recorded for each interval. 

Errs Number of errors recorded for each interval. 

Bytes Number of bytes recorded for each interval. 

Size Average size of the frames recorded for each interval. 
% Usage Percentage of absolute or relative network usage for 


each interval. 


ae 


Alarm 


Station History Statistics in Graphic Format 


Alarm 


Options 


Figure 9-17 is an example of the station history view for a station 
named “File Server” in graphic format. 


ABSOLUTE HISTORY STATISTICS TO AND FROM File Server-———Oct 26 16:39:51, 
2 4 6 8 1 


Time Usage @ 
22 Oct 26 16:38:43 1.59 
21 16:36:43 5.05 
28 16:34:43 7.59 
19 16:32:43 5.58 
18 16:30:43 5.96 
17 16:28:43 G13 
16 16:26:43 6.73 
15 16:24:43 6.47 
14 16:22:43 6.84 
13 16:28:43 6.46 
12 16:18:43 6.52 
14 16:16:43 7.58 
16 16:14:43 6.98 
9 16:12:43 6.47 M 
8 16:10:43 6.74 0 
7 16:08:43 5.93 r 
6 16:86: 43 6.96 e 
5 16:04:43 { 


3 Views4d Views 6Displu—f? Scale™i8 Scale 10 Stop 
learlier—f laterff Menus Moptions™ up down monitor] 


Figure 9-17. History statistics for “File Server” (graphic format). 


The leftmost column consists of the interval numbers, with the most 
recently recorded interval at the top of the column. 


Time Date and time of each interval. 


% Usage Percentage of absolute or relative network usage for 
each interval. The graph illustrates the percentages. 


Clears alarms from the alarm buffer automatically, sets alarm 
thresholds, and determines where to send the alarm log. 


Edit Displays the Manage Station Information view, in 
which you can edit station information. For further 
information on station information, refer to “Manage 
Stations” on page 9-40. 
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Auto clear 


Thresholds 


Sets an interval (1 minute to 99 hours) at which the 
monitor automatically clears each alarm to make room 
in the alarm buffer. To make sure alarms are not lost, 
use Log to for printing out the alarms or storing to 
disk. To turn Auto clear off, choose 0. The default 
value is 1 hour. The monitor can clear alarms 
automatically only when it runs in the foreground. 


Specifies alarm thresholds. There are two types of 
thresholds: Global and Station defaults. 


Global determines the types of network events that 
cause global alarms. Options for Global are described 
below: 


If Unknown station is selected, a station that has not 
been named triggers an alarm when it transmits 
frames. 


Specify other causes of alarms with the Errors, Usage, 
Broadcast, and Idle options. Except for the Idle 
option, you can define an interval (5 seconds to 60 
minutes) during which the monitor determines 
whether a threshold has been exceeded. After each 
interval, the count resets to 0. 


Errors defines the number (1 to 65,535) of soft error 
frames on the network that triggers an alarm. The 
default number is 20; the default interval is 30 seconds. 


Usage defines the percentage (1 to 100%) of absolute 
network usage that triggers an alarm. The default 
percentage is 50%; the default interval is 5 seconds. 


Broadcast specifies the number of frames that can be 
sent to the broadcast address before the monitor 
generates an alarm. The default number is 100; the 
default interval is 5 seconds. 


Idle specifies the length of time (5 seconds to 1 hour) 
the network can be inactive before the monitor 
generates an alarm. The default length of time is 15 
minutes. 


Station defaults assigns the default threshold settings 
to new stations as they are detected on the network. 
The thresholds are described below: 


Errors defines the number (1 to 65,535) of soft error 
frames a station can transmit before triggering an 
alarm. The default number is 100. 
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Alarm 


Log to 


No response determines when the monitor generates 
a no-response alarm. The default setting of No 
response is Off. The monitor does not generate a no- 
response alarm each time the specified number of 
seconds has elapsed since a station received a frame. 
Instead, it makes sure that the station it generates the 
alarm for has been receiving but not transmitting. For 
example, if No response is 5 seconds, the monitor 
generates the alarm when either of the following 
conditions occurs: 


* A station’s last reception happened at least 5 
seconds after the last transmission, and it has 
received 3 frames since the last transmission. 


* A station’s last reception happened at least 5 
seconds after the last transmission, and 5 seconds 
have elapsed since the last reception. 


Idle defines the length of time (1 to 120 minutes) the 
station can go without transmitting before triggering 
an alarm. The default setting is Off. That is, the 
monitor does not generate an alarm regardless of how 
long a station has been idle. 


Usage defines the percentage of relative network 
traffic (1 to 100%) the station can generate before 
triggering an alarm. The default setting is Off. 


Priority defines the importance of alarms for a given 
station. The priority levels are Inform, Warning, 
Minor, Major, and Critical. The default value is 
Warning. 


Specifies where to send the alarm log. You can select 
either or both of the following: 


* Printer, which sends the alarm log to the specified 
printer. 


Select the Device LPT1 option in the Alarm\Log 
to\Printer menu to print on the server's printer port; 
select the Device LPT2 option to redirect the 
printout to the console. Specify the number of lines 
(0 to 256) on each page with the Page size option. If 
you specify 0, no page break is inserted. The default 
page size is 58. 


* File, which sends the alarm log to a disk file 
(ALARM.LOG). 
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Report 


Options 


The Clear alarm file option in the Alarm\Log 
to\File menu determines whether the monitor 
appends the current alarm log to the previous log 
file or clears the log file each time it starts 
monitoring. A preceding V mark indicates that the 
file is cleared at the beginning of each monitoring 
session. 


Generates reports based on report scripts. You can print the resulting 
reports and save them as files, in either standard or CSV (comma- 
separated values) format. The Report Script Editor view lets you 
modify report scripts to customize reports to your needs. 


Load 


Loads an existing report script which you can use to 
generate a report or edit before generating a report. 
(The monitor looks for report scripts in the 
C:\TRREPORT\SCRIPTS directory). 


The monitor comes with the following report scripts: 


ERRORS.SCR provides statistics for the 10 stations 
that transmitted the most frames with errors during 
the most recent monitoring session. A station must 
have transmitted at least five frames with errors to be 
included in the report. 


FRAMSIZE.SCR shows the frame size distribution. 
The statistics provided include the number and 
percentage of frames that fall in each frame size 
category. A graph illustrates the percentages. 


HISTORY.SCR shows the absolute network usage in 
percentages for all the history intervals. 


LISTENRS.SCR provides statistics for the 10 stations 
that received the most traffic during the most recent 
monitoring session. 


RINGORDR.SCR provides statistics for the relative 
usage of the network by all stations. The stations are 
sorted by ring order. For further information on ring 
order, refer to “Display All Stations” earlier in this 
chapter. 
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Edit 


ROUTELEN.SCR provides statistics for different 
route lengths. The report shows the number and 
percentage of frames of each route length. The 
information in the report is the same as the Route 
Lengths view. 


ROUTEPTH.SCR provides statistics for route path 
distribution. The report shows the number and 
percentage of frames for each type of route path. In the 
display, “Loc” represents local; “Rem” represents 
remote; and “Other” represents other routes. For 
further information on route paths, refer to “Display 
Routing Info” earlier in this chapter. 


SAPS.SCR provides statistics for the SAP protocol 
type distribution. The report shows the number of 
bytes that belong to each SAP protocol type and the 
percentage of network usage by these bytes. 


TALKERS.SCR provides statistics for the 10 stations 
that transmitted the most traffic during the most 
recent monitoring session. 


USERLIST.SCR lists the physical addresses and names 
of all stations, sorted in descending order by name. 


USERS.SCR provides transmit and receive statistics 
for all stations, sorted in ascending order by name. 


USERSCSV.SCR provide the same information as the 
USERS report, but in a delimited format that allows 
you to import the information into spreadsheets and 
other applications. 


(For more information on these reports, see “Sample 
Reports: An Overview” on page 6-3.) 


Displays Report Script Editor view, which contains 
the last report script loaded and the function keys with 
which you modify the script. Refer to “Report Script 
Editor View” on page 9-39 for further information on 
how to use the function keys. 


The Edit option also specifies how the statistics are 
sorted and what statistics are to be included in an 
existing report script. 


The following are the various options by which a 
report sorts the statistics: 


To refers to the frames the station receives. 


From refers the frames the station sends. 
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Both refers to the frames the station sends and 
receives. 


Note: The To, From, and Both options determine the 
type of traffic to which the sort key applies. Therefore, 
they do not affect how a report orders the stations if it 
sorts them by name or address. These options, 
however, determine whether a station is considered 
active. Refer to the description for Active stns only 
later in this section for information on including only 
active stations in a report. 


Ascending specifies that the stations be displayed in 
ascending order. 


Descending specifies that the stations be displayed in 
descending order. 


Name is the station’s name. 


Partner’s name is the names of the station’s partner. A 
station’s partner is the station that it communicated 
with most recently. 


Ring order is the order the stations are inserted to the 
network. Refer to “Display All Stations” on page 9-16 
for information on ring order. 


Frames is the total number of frames. 

Errors is the total number of soft error frames. 
Bytes is the total number of bytes. 

Average size is the average frame size. 


Network usage is the percentage of network usage by 
the station. 


First activity is the time when the station first sends or 
receives traffic. 


Last activity is the time when the station last sends or 
receives traffic. 


Elapsed activity is the amount of time between the 
first and last activity. 


Address is the station’s address. 


The following describes the options that determine 
what types of statistics are to be included in a report: 
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Active stns only specifies that a station is included in 
a report only if it has sent or received a frame, 
depending on how the stations are sorted. For 
example, if they are sorted by the frames received 
(when the To option in the Report \ Edit \Sort by menu 
is selected), a station is considered active if it has 
received traffic. 


Inserted stns only specifies that a station is included 
in a report only if it is connected to the local network. 
That is, the station status of the station must be active 
monitor, standby monitor, or snooper. 


Delimited format specifies that the report is in 
spreadsheet-compatible format. A report in this 
format does not include embedded commas in 
numbers. Also, when you print out the report, the 
monitor does not insert any page breaks. 


Filter 1 and Filter 2 determine whether the monitor 
uses filters to exclude stations from a report if they do 
not meet certain criteria. How the filters interact with 
each other depends on the AND and OR options. If 
AND is selected, the monitor includes only the 
stations fulfilling the requirements of both filters; if 
OR is selected, it includes the stations that meet the 
requirements defined by either filter. 


For examples that illustrate the filters’ interaction, 
refer to “Creating or Modifying a Report Script” on 
page 6-21 and “Recommendations on Report Editing” 
on page 6-28. 


The To, From, and Both options associated with the 
filters determine whether the monitor filters out 
stations from a report based on the traffic received, 
sent, or both, respectively. These options do not take 
effect if the stations are filtered by sort position, name, 
partner’s name, or address. 


Other options associated with the filters are described 
below. Each option defines a range of values. 


Sort position is the position of the station in the 
report. The permissible range is 1 through 1,024. For 
example, if you specify that the minimum is 1 and 
maximum is 20, the top 20 stations are included in the 
report. 
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Name is the station’s name. It specifies the 
alphabetical range to which the station’s name must 
belong if the station is to be included in the report. The 
minimum value is “” and the maximum is 

we ee ” That is, the minimum or 
maximum value can be up to 16 characters. For 
example, you can define “bb” as the minimum value 
and “kk” as the maximum. If a station’s name is 
bobby, it fulfills the requirement of the filter. If a 
station’s name is kristen, it is outside the specified 
range and the station will not be included in the 
report. Numerals are considered smaller than letters. 
For example, you can define the minimum to be “123” 
and maximum to be “abc.” The name strings are case- 
sensitive; lowercase is smaller than uppercase. For 
example, “abc” is smaller than “ABC,” and “C’” is 
smaller than “z.” 


Partner's name is the name of the station with which 
a station communicated most recently. For a station to 
be included in the report, its partner’s name must 
belong to the alphabetical range defined by Partner’s 
name. The rules for specifying the range are the same 
as those for Name. 


Frames is the total number of frames. The permissible 
range is 0 through 4,294,967,295. 


Errors is the number of soft error report frames. The 
permissible range is 0 through 65,535. 


Bytes is the number of bytes. The permissible range is 
0 through 999,999,999,999. 


Average size is the average frame size. The 
permissible range is 17 through 18,432. 


First activity is the date and time when the first 
activity takes place. The minimum time is 0 days; the 
maximum time is 49 days 17:02:47.295. A station is 
included only if its first activity happened in the time 
period specified. For example, suppose the 
monitoring session started at 1 p.m. If you specify that 
the minimum value of First activity is 2 hours, and 
that the maximum value is 7 hours, a station is 
included in the report only if its first activity happens 
between 3 p.m and 8 p.m. 


Last activity is the date and time when the last activity 
takes place. It has the same permissible range as First 
activity. 
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Clear 


Print 


Elapsed activity is the time between the first and last 
activity. It has the same permissible range as First 
activity. For example, if you set minimum value to 0 
and maximum value to 2 days, only the stations 
whose first and last activities happened within 2 days 
meet the requirement of the filter. 


Address is the station’s address. The permissible 
range is 000000000000 through FFFFFFFFFFFF. 


Absolute usage is the percentage of absolute network 
usage by the station. The permissible range is 0 
through 100%. For example, if you specify minimum 
to be 10% and maximum 100%, only the stations 
whose traffic accounts for at least 10% of the network 
capacity meet the requirement of the filter. 


Relative usage is the percentage of relative network 
usage by the station. The permissible range is 0 
through 100%. For example, if you specify minimum 
to be 10% and maximum 100 percent, only the stations 
whose traffic accounts for at least 10% of the network 
traffic meet the requirement of the filter. 


Saves a report script you created or modified. The 
report script must be stored in the 
C:\TRREPORT\SCRIPTS directory. 


Erases the contents of the report editor. 


Prints the report based on the report script that has 
been loaded. 


The Screen option displays the report on the screen. 


The Device LPT1 option is the printer port on the 
server, and Device LPT2 redirects the output to the 
console. If you send the report to a printer, you can 
specify the number of lines per page. The default is 58. 


The File option saves the report to disk under a 
filename of your choice. The monitor attaches the 
extension .RPT or .CSV (if the report is in delimited 
format) to the filename. 


The Page size option is applicable if Delimited format 
in the Report \ Edit menu is disabled, and the report is 
printed to a file or device. It defines the number of 
lines printed before the monitor inserts a page break. 
The number ranges from 1 to 256. If you want no page 
breaks, set this option to 0. When the monitor inserts a 
page break, it also prints the header text in the report 
(for example, the report title). 
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Auto print 


Prints out the report at each interval until midnight; 
restarts printing at the time specified by the Start time 
option. The monitor must be running in the 
foreground for Auto print to function. The following 
describes the options: 


Report specifies the file to be printed. 


Start time determines when the first report of each 
day is printed. For example, if Start time is set to 12:00, 
and the current time is 8 a.m., the monitor will print 
the first report at noon. If the start time is already past 
(for example, it is set to 08:00 and the current time is 2 
p-m.), the first report is printed at the next interval 
boundary, which is determined by the Interval 
option. For example, if Interval is 15 minutes, the first 
report is printed at 2:15 p.m. To disable this function, 
specify 00:00. By default, Start time is disabled, which 
means that the the first report is generated 
immediately. 


Interval determines how often the monitor prints a 
report. Specify a time between 1 minute and 24 hours. 
The default value is 1 hour. 


Print to device specifies the printer port the monitor 
uses to print out the file. (The Device LPT1 option 
refers to the printer attached to the server; the Device 
LPT2 option redirects output to the console.) You can 
specify the number of lines per page. The default is 58; 
selecting 0 disables page breaks. When the monitor 
produces a page break, it also prints the header text 
(for example, the title of the report). 


Print to disk specifies that the monitor print the report 
to a file in the C:\ TRREPORT directory. If Single file 
is selected, all reports are appended to one file. The 
filename is ARYYMMDD.RPT (YYMMDD represents 
the year, month, and day). If Multiple files is selected, 
each report is printed to a separate file. The filename 
for each report is YYMMDDNN.RPT (NN represents 
the number of the report). You can print reports to up 
to 99 files. 


Restart monitor determines whether the monitor 
starts a new monitoring session once it printed out a 
report. 


By default, Print to device, Print to disk, Multiple 
files, and Restart monitor are not selected. 
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Report Script Editor View 


The Report Script Editor view (invoked by Edit in the Report menu) 
lets you modify the last report script that was loaded. Its functions are 
accessible through special function keys. These keys are described 


below: 


F2 (Insert field) 


F3 (Insert line) 
F4 (Delete line) 


F6 (Edit options) 


F7 (Chars) 
F8 (Repeat char) 


F9 (Screen test) 


Displays a list of fields you can include in the 
report. When you select a field, the monitor 
inserts a code into the script. Whenever you 
preview, print, or save a report based on this 
script, the monitor inserts the current statistics 
that the code represents. Appendix B provides 
information on the report fields. 


Inserts a blank line into the report script. 


Deletes the line that contains the cursor from the 
report script. 


Provides the Load, Save, Clear, Print, and Auto 
print options. These options are also available 
when you select Report from the Main Menu. 


In addition, the Report settings option specifies 
how the statistics are sorted, whether only active 
stations are included, whether only inserted 
stations are included, and how the filters are 
used. Report settings presents the same menu as 
the Report \Edit menu. 


Lists the special characters you can insert ina 
report script. 


Repeats special characters for continuous lines or 
borders. 


Provides a preview of the current report on 
screen. 
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Manage Stations 


Displays and edits station information such as station names and 
threshold settings. 


Options 


Edit Displays the Manage Station Information view. 
This view is also generated by Edit in the Alarm 
menu. Refer to “Manage Station Information 
View” on page 9-40 for further information on 
the view. 


Reset thresholds __ Resets all station alarm thresholds to the default 
settings specified by the current station default 
thresholds. 


Probe fornames Tries to assign names automatically using the 
NetBIOS remote status command. A station 
responds only if it is active and running the 
NetBIOS software. (The server that runs the 
monitor also responds to the NetBIOS remote 
status command.) 


Manage Station Information View 


Figure 9-18 is an example of the Manage Station Information view. 


ANAGE STATION INFORMATLON—AD AARADaaAa ia _ _____——_ 
Address Name Idle Usage Priority 
2 5 Off 


Anthony Serrao 
$200004E3406 Barbara Lemmon 
$000004E3126 Barney Ingram 
9002004E7256 Bill Goodman 
$200204E5296 David Brooks 
$200004E2001 Denise Martin 
QQ00004E2108 Ed Hicks 
$000004E4302 File Server 
9002004E3504 Fred Biddle 
$202004E0025 George Stanley 
PQ00004E0062 Helene Milici 
QQ02004E7506 Jack Clayton 
9000004E3249 James Wylie 
O200004E2301 Jill Franz 
9002004EG654 Ken Quinn 
O200004E2012 Linus Stanwick 
0200004E4523 Mark Ellison 
9020204E3896 Michael Harley Warning 


9000004E8347 Miles Russell Warning 
Ise tT and | then press ENTER 


1 2 Apply 4Delete—is 6 Editi’ Thre 
Help fidefault} stationl§ Menus fMfoptionsgopt ion 


Figure 9-18. Manage Station Information view. 
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Options 


Options 


To edit a station’s information, use the cursor to highlight the 
corresponding entry. You can also type the first letter of the station’s 
name to move to the entry. Press Enter, and a dialog box appears, 
which allows you to change the following types of information: 


Name The station name assigned to an address. The 
name can contain up to 16 printable ASCII 
characters. 

Errors The number of soft error frames (1 to 65535) a 


station can transmit before triggering an alarm. 


No response How longa station can be sent frames (broadcast 
frames excluded) without responding before 
triggering an alarm. Any value from 1 to 7 
seconds is allowed. 


Idle The length of time (1 to 120 minutes) the station 
can go without transmitting before triggering an 
alarm. 


% Usage The percentage of network traffic (1 to 100%) the 
station can generate before triggering an alarm. 


Priority The importance of a station’s alarms. The priority 
level can be Inform, Warning, Minor, Major, or 
Critical. 


Alternatively, you can use the function keys to edit the station 
information as described below: 


F2 (Delete station) Removes the station from the monitor data files. 


F4 (Apply default) Changes the threshold settings to the defaults. 
Specify the defaults with Alarm on the Main 
Menu. Refer to “Alarms” earlier in this chapter 
for further information on setting station default 
threshold settings. 


F7 (Thres options) Displays the threshold options, which are the 
same options displayed by the Thresholds 
options in the Alarm menu. 


Displays the current network speed. You cannot modify the speed, 
which is either 4 Mb/s or 16 Mb/s, in the Options menu. To change 
the network speed, you must change the setting on the server's 
network interface card. For further information on setting the 
network speed, refer to the Distributed Sniffer System: Installation and 
Operations Manual. 
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Exit 


Terminates the monitor’s user interface and displays the Sniffer 
Server's Main Selection Menu. 


Although you can continue to monitor in the background after you 
terminate the monitor's user interface, you cannot log alarms, clear 
the alarm log, or print reports automatically. 


Upon exit, the monitor writes the STARTUP.TRB file. 
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Appendix A. Error and Warning Messages 


This appendix lists the monitor’s error and warning messages 
alphabetically. It explains each message and describes the action you 
should take when the message appears. 


Monitor Error Messages 


An error was encountered while loading the report script. 


Appears when you try to load an invalid report script file. Check your 
script and reload. 


Automatic report generation failed. 


Appears when the monitor tries to print a report automatically but the 
report script is corrupted. Check the report script file, edit it if 
necessary, and load it before you regenerate the report. 


Automatic report generation failed. Couldn't open report file. 


Appears when the monitor tries to print a report automatically but 
there are problems with the destination disk (for example, the 
directory structure is damaged). Make sure that your disk is operating 
properly and that the report scripts are stored under the 
C:\TRREPORT\SCRIPTS directory. 


Automatic report generation failed. Couldn't sort stations. 


Appears when the report to be printed is sorted by ring order but the 
monitor cannot determine the ring order. This happens when the 
actual number of stations on the network exceeds 1,024. 


Automatic report generation failed. Disk full. 


Appears when the monitor tries to print a report automatically to the 
disk but the disk is full. Remove unnecessary files from the disk to 
make room for the reports. 


Automatic report generation failed. Report script not found. 


Appears when the monitor tries to print a report automatically but 
cannot find the report script that the report should be based on. Check 
to be sure that the script is stored in the C:\TRREPORT\SCRIPTS 
directory. 


Automatic report generation failed to restart monitoring. 


Appears if the monitor fails to restart monitoring after generating a 
report automatically. Check to see whether the hardware 
configuration is correct. If the monitor still cannot start monitoring, 
contact NGC for help. 
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Automatic report generation failed to restore report script. 


Appears if the monitor cannot restore the report script after 
generating a report automatically. The changes that you have made to 
the script with the script editor are lost. Contact NGC for help if this 
happens. 


Can’t concatenate fields. 


Appears in the Report Script Editor view if you try to place two fields 
on the same line without any text characters between them. Place at 
least one text character between any two fields. 


Couldn't generate a NetWare echo test. 


Appears when the monitor cannot communicate with the NetWare 
stack installed on the server's network interface card. Contact NGC 
for help if this happens. 


Couldn’t open file. 


Usually indicates that you typed the file name incorrectly. Try typing 
the name again. If you cannot open any files, check the FILES= setting 
in the DOS file, CONFIG.SYS, increase the number, and reboot. 


Couldn’t save station information. 


Appears if the disk is full. Make room by deleting other files that may 
not be essential, such as old history logs. 


Fatal Error: Unable to determine the monitor state! Re-boot the 
system and configure the monitor again. If the problem persists, 
contact Technical Support. 


Appears when the server fails to determine the state of the monitor. 
Reboot the server, and contact NGC if the same message appears the 
next time you try to start the monitor. 


Fatal Error: Unable to load the monitor. Re-boot the server and try 
again. If the problem persists, contact Network General technical 
support. 


Appears when you attempt to start the monitor but the server fails to 
load the necessary files into memory. Reboot the server and try again. 
If the message appears again, contact the NGC technical support. 


Fatal Error: Unable to unload the monitor from memory. Re-boot 
the system and try again. If the problem persists, please contact 
Network General Technical Support. 


Appears when the server fails to remove driver from memory. Reboot 
the server; contact NGC if the same message appears again. 
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Field too long. 


Appears in the Report Script Editor view when the end of the field 
you want to include reaches past the end of a line (column 80). Try 
positioning the cursor farther to the left before placing the field. 


Help file not found. 


The monitor could not find the TRMON.HLP file in the C:\TRSNIFF 
directory. Restore this file from your back-up disk. 


Network card not responding. 


Indicates a problem with programming the network interface card. 
Contact NGC for help. 


No alarms to process. 


Appears if you try to acknowledge or clear an alarm in the Alarm Log 
view when there are no alarms in the alarm buffer. 


No report script disk files found. 


Appears if you try to load report scripts and the monitor cannot find 
any report script files. Restore the report scripts from your back-up 
disk. 


No statistics have been collected. 


Appears when you try to display statistics but you have not started a 
monitoring session. Start a monitoring session by pressing F10 (New 
monitor). 


Nota valid DOS file name. 


Appears when you try to enter a filename that contains invalid DOS 
characters. Try typing the name again, following the DOS filename 
requirements. 


Sorting by errors with the Class option set to “To” is invalid. Press 
F6 to select a different sort option, or press F5 for the main menu. 


Appears if you try to sort the stations in the All stations view by the 
number of errors transmitted while the setting of the Class option is 
To. “Errors” is an invalid sort key because soft error frames are 
received by the error monitor only. 


The broadcast address cannot be deleted. 


Appears if you try to delete the broadcast address. Reselect the station 
you want to delete. 


The current report script contains no information. Use the Report 
Editor to create a report, or load a report from a disk file. 


Appears if you try to print or save a report without first loading or 
editing a report script. Load the desired report script or create a report 
script. Then retry. 


nS 


Distributed Sniffer System: Token Ring Monitor Operations Manual 


The minimum filter value must be less than or equal to the 
maximum filter value. 


Appears if you try to enter a minimum value for a report filter that 
exceeds the maximum value. Enter a minimum filter value that is less 
than or equal to the maximum filter value. 


The STARTUP.TRI file has too many entries. The entries at the end 
of the file were not loaded. 


Appears if STARTUP.TRI contains more than 225 entries. 


The STARTUP.TRT file has been changed. You must unload 
TRMONDRV.EXE for the changes to take effect. 


Appears if you have used a text editor to modify STARTUP.TRT when 
TRMONDERV is loaded. In order for the monitor to use consistent SAP 
information, you must remove TRMONDRV from memory before 
changing STARTUP.TRT. Then restart the monitor. 


The STARTUP.TRT file has too many entries. The entries at the end 
of the file were not loaded. 


Appears when STARTUP.TRT contains more than 32 entries. 


The STARTUP.TRT file has too many group entries. The entries at 
the end of the file were not loaded. 


Appears when STARTUP.TRT contains more than 16 SAP labels. 
The value you have entered is not valid for this item. 


Appears when you enter an invalid value. Most messages tell you the 
range of valid values; if not, try entering a lower or higher value. 


This is not a Network General network card. What you are doing is 
illegal! 


Appears if you use the monitor software with a network interface card 
other than that supplied by NGC. 


This software has been tampered with. What you have done is 
illegal! 


Your software has been illegally modified and executable files were 
corrupted. Call NGC for help. 


Unable to print alarm log, check printer. 


Appears when you try to print the alarm log and the printer does not 
respond. Make sure the printer is connected to the printer port on the 
server or console and that it is turned on and functioning properly. 


Write to alarm log failed. Disk full. 


Appears if the disk is full when the monitor tries to add alarms to the 
alarm log on the disk. Make room by deleting other files that are not 
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essential, such as files containing history statistics that you no longer 
need. 


Write to file failed. Disk full. 


Appears if the disk is full when you try to store a report to the disk. 
Make room by deleting other files that may not be essential, such as 
files containing history statistics that you no longer need. 


Write to history log failed. Disk full. 


Appears if the disk is full when the monitor tries to store the history 
log to the disk. Remove unnecessary files from the disk to make room 
for the history log. 


You did not enter a file name. 


Appears if you try to store a report to the disk but have not specified 
the filename. 


You must load a NetWare shell before you can use this feature. 


Appears if the monitor tries to perform a station test but no network 
interface cards are loaded with NetWare. Check to make sure that 
more than one network card is installed in the server, and that one of 
the network cards is using NetWare. 


You must load a NetBIOS handler before you can use this feature. 


Appears if you try to use Station test with the NetBIOS or Probe for 
Names option and the monitor cannot find the NetBIOS software. If 
you are sure that you are running NetBIOS, press Enter to ignore the 
message. If you cannot proceed, contact NGC for help. 


You must specify a unique station. 


Appears if you try to send a test frame with either a broadcast or 
multicast address as the destination address. Select an individual 
station as the destination address of a test frame. 


You must stop monitoring before you can use this feature. 


Appears if you try to start a transmit timer or station test when a 
monitoring session is in progress. Press F10 to stop the monitoring 
session before starting these monitor functions. 


You should not include a file extension. 


Appears if you include a file extension when you specify a name of a 
file to which a report is stored. 
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Monitor Warning Messages 


The following is an alphabetical listing of warning messages that 
appear during normal operation. They provide a brief explanation of 
the consequences of proceeding and give you a chance to change your 
mind. 


Any changes made to station alarm configurations will be lost if 
you proceed. 


Appears after you change threshold settings and then try to reset all 
thresholds to the default settings. 


File exists. 


Appears when you try to assign a report script filename that already 
exists. Unless you assign a different filename, the new report script 
overwrites the existing script. 


No Receive Signal detected. Make sure that you entered the ring at 
the correct speed. 


Appears if the monitor enters the token ring network at the wrong 
speed or if it is the only station on the ring. If the wrong speed has 
been set, stop the monitor, reset the speed on the network card, and 
restart the monitor. 


The current history statistics will be cleared if this setting is 
updated. 


Appears when you try to change either the station for which history 
statistics are collected or the history interval during a monitoring 
session. To prevent losing the statistics, print a report before changing 
these settings. 


The last line of the report script will be lost if this line is inserted. 
Press ENTER to proceed. Press ESC to cancel. 


Appears if you try to create or modify a report script to contain more 
than 58 lines. 


The number of stations being monitored has reached the maximum 
value set in the configuration program. You should increase this 
setting to make sure that all stations are being monitored. 


Appears when the actual number of stations on the network exceeds 
the value of Maximum Stations in the Configuration Options view. 
The message appears when you use the Display command on the 
Main Menu. 


The number of stations being monitored has reached the Sniffer 
Network Monitor’s maximum value. 


Appears when more than 1,024 stations are on the network; 1,024 is 
the maximum number of stations that the monitor can monitor. 


Monitor Warning Messages 


The Sniffer Network Monitor will stop monitoring if you proceed. 
Press ENTER to proceed. Press ESC to cancel. 


Appears after you pressed F10 during a monitoring session. To stop 
monitoring, press Enter. If you want the monitoring session to 
continue, press Esc. 


These changes will not be saved unless you enter a name for the 
station. 


Appears if you try to save alarm thresholds for a station that is not 
named. Since the monitor considers unnamed stations as intruders, 
you must name all legal stations. 


This selection will not take effect until the next time the collection 
of history statistics starts. 


Appears if you change the Align history option under History. The 
new setting takes effect at the next monitoring session. 


The Sniffer Network Monitor has been monitoring for more than 5 
weeks. You must start anew monitoring session or the statistics will 
overflow. 


Indicates that the statistics accumulated may not be accurate due to 
overflow. You should start a new monitoring session. 


You have not saved the latest Report Editor session. Any changes 
will be lost if you proceed. 


Appears if you try to exit the monitor’s Main Menu without saving 
the latest report script you edited. 


You must stop monitoring before you can change this filter. 


Appears if you try to change the option settings for Monitor filter 
when a monitoring session is in progress. Press F10 to stop 
monitoring before you change the options. 
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Appendix B. Report Fields 


Chapter Overview 


This appendix explains the meaning of each field that you can insert 
or edit in a report script. It also gives the code that represents each 
field. On the screen, the actual code is preceded and followed by the 
“at” sign (@). 


To display the list of report fields as shown in Figure B-1, press F2 
(Insert field) in a Report Script Editor view. This appendix describes 
the fields in the same order as they appear in Figure B-1. To find out 
what a particular code in your report script stands for, refer to the list 
of codes at the end of this appendix. 


-REPORT SCRIPT EDITOR: 


FIELD! 
Global Errors Station From To Both 


SrvrAddr State Sort Pos Partner Partner Partner 
Stations Oversize Address % Usage % Usage % Usage 
% Usage Purges Name Frames Frames Frames 
Frames SoftErrs Status Errors Errors 
Hist Stn Bytes Bytes Bytes 
Text Avg Size Avg Size Avg Size 


CSV Ret First First First 
Last Last Last 
Elapsed Elapsed Elapsed 
History History History 


Figure B-1. Report fields. 
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Global Fields 


The fields under the heading “Global” represent information about 
the entire network. The following list explains the meanings of the 


Global fields: 
SrvrAddr 


Stations 


% Usage 


Frames 
Bytes 
Avg Size 
First 


Last 


Elapsed 


Server’s NetBIOS name. If more than one server is 
connected to a console, the name helps you determine 
which server generates a particular report. The code is 
GSERVER ADDR. 


Number of stations. It has three options: 


Total Stations is the number of all the stations that 
have transmitted in the current monitoring session. 
The code is GS. 


Maximum Inserted Stns is the maximum number of 
stations at one time in the current monitoring session, 
whose station status is active monitor, standby 
monitor, or snooper. The code is GMI. 


Current Inserted Stns is the number of stations whose 
station status is active monitor, standby monitor, or 
snooper at the time the report is generated. The code 
is GCI. 


Absolute network usage. It has two options: 


Numeric displays the percentages in numbers 
(without the percent sign). The code is GUAB. 


Graphic displays the percentages in a graph. You can 
select the scale used on the axis, which can be 0.4, 2, 10, 
20, 50, or 100%. The code is GUSAGE ABS, which is 
followed by the scale. 


Total number of frames. The code is GFRAME. 
Total number of bytes. The code is GBYTE. 


Average size of the frames in the current monitoring 
session (total number of bytes divided by the total 
number of frames). The code is GAV. 


Time when the first network activity took place. The 
code is GFIRST. 


Time when the last network activity took place. The 
code is GLAST. 


Time elapsed between the first and last network 
activity. It shows the number of days, hours, minutes, 
and seconds. The code is GELAPSED. 
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Global Fields 


History 


Start 


End 


Active 


CurrTime 


FrmSizes 


Routing 


Global history statistics. It has two options: 


Numeric shows the history statistics in the same 
format as the numeric Global History view. The code 
is GHISTORY NUMERIC ABS. 


Graphic shows the history statistics in the same 
format as the graphic Global History view. You can 
choose the scale used on the axis, which can be 0.4, 2, 
10, 20, 50, or 100%. The code is GHISTORY GRAPHIC 
ABS. 


Time the monitoring session started. The code is 
GMON START. 


Time the monitoring session stopped. If a monitoring 
session is in progress when the report is generated, the 
current time is printed. The code is GMON END. 


Duration of the monitoring session. The code is 
GMON ACTIVE. 


Current time. The code is GCURRENT TIME. 


Distribution of the frame sizes. It displays the number 
of frames that fall in each size category. The format is 
the same as the Frame Sizes view. The code is 
GFRAME SIZES. 


Routing information. It has two options: 


Paths shows the distribution of frames according to 
path categories. The categories are listed below: 


Loc-to-Loc represents the frames that are originated 
from and destined for the local network. 


Loc-Rem represents the frames that are sent from the 
local network to a remote network. 


Rem-Loc represents the frames that are sent from a 
remote network to the local network. 


Rem-Rem represents the frames whose origin and 
destination are both on remote networks. 


Loc-Other represents the frames that are sent from the 
local network to a remote network that does not 
support source routing. 


Other-Loc represents the frames that are sent from a 
remote network that does not support source routing 
to the local network. 


The code is GROUTE.PATHS. 
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Error Fields 


Station Fields 


SAPs 


Lengths shows the distribution of frames according to 
path length categories in the same format as the 
Routing Lengths view. The code is 
GROUTE.LENGTH. 


Distribution of traffic according to SAP types. The 
format is the same as the Protocol Types (SAPs) view. 
It has two options: 


Bytes shows the number of bytes for each SAP type. 
The code is GSAPS.BYTES. 


Frames shows the number of frames for each SAP 
type. The code is GSAPS.FRAMES. 


The fields under the heading “Errors” represent different types of 
errors on the network, which are the same as the ones displayed in the 
lower-left portion of the numeric Global Statistics view. The following 
list explains the meanings of the Error fields: 


State 


Oversize 
Purges 


SoftErrs 


Overall condition of the network. The code is 
ESTATE. 


Number of oversize frames. The code is EOV. 
Number of ring purges. The code is EPU. 


Number of soft errors. The code is ESO. 


The fields under the heading “Station” represent station information. 
The following list explains the meanings of the Station fields: 


Sort Pos 
Address 
Name 
Status 
Hist Stn 


Text 


Sort position of the station. The code is SS. 
Station address. The code is SADDRESS. 
Station name. The code is SNAME. 
Station status. The code is SSTATUS. 


Name of station for which the monitor collects history 
statistics. The code is SHISTORY STN. 


Text characters. If you want to have characters 
separating two entries in the report, position the 
cursor below the line that represents an entry in the 
script, type the character and insert Text. The 
character is printed below each entry in the generated 
report, and is replicated four times. For example, if 
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CSV Ret 


you want to print ##### between each pair of entries in 
the generated report, type # and select Text. The 
character and the code appear in the report script as 
#@ST@. If no character precedes the field, the report 
assumes that character to be a blank, and a blank line 
appears in the generated report where you insert Text. 


Carriage return in a report script with CSV format. 
Use this field if the report contains lines that exceed 
the maximum width of the script (80 characters). The 
report suppresses a linefeed where you insert this 
field. For example, your report contains four fields, 
each of which has 30 characters. If you insert CSV Ret 
after the second field, the third and fourth fields are 
printed on the same line as the first two in the 
generated report. Although the total length of the 
fields exceeds the width of the report script, they are 
interpreted as one entry when the report is imported 
into a spreadsheet program. The code is SC. 


From, To, and Both Fields 


The headings “From,” “To,” and “Both” represent the class of traffic. 
The fields under the headings “From” and “To” are related to traffic 
transmitted and received by each station in the report. The fields 
under the heading “Both” are related to the traffic both transmitted 
and received by the stations. The following list explains the meanings 
of the fields under these headings. The term “this station” refers to the 
station that is displayed as a report entry. 


Partner 


% Usage 


When used as a From field, Partner is the most recent 
station that received traffic from this station. The code 
is FPARTNER. 


When used as a To field, Partner is the most recent 
station that transmitted traffic to this station. The code 
is TPARTNER. 


When used as a Both field, Partner is the name of the 
station that this station most recently transmitted 
traffic to or received traffic from. The code is 
BPARTNER. 


When used as a From field, % Usage is the network 
usage caused by the amount of traffic transmitted 
from this station. 


When used as a To field, % Usage is the network usage 
caused by the amount of traffic sent to this station. 
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When used as a Both field, % Usage is the network 
usage caused by traffic that is sent from and to this 
station. 


Regardless of the class of traffic, the % Usage field has 
these options: 


Absolute represents the absolute network usage; 
Relative represents the relative network usage. 


Numeric displays the network usage in numbers 
(without the percent sign). Graphic displays the 
network usage ina graph. You can choose the scale for 
the axis, which can be 0.4, 2, 10, 20, 50, or 100%. 


The following table lists the codes used for this field. 


SS 


Figure B-3. Codes for the % Usage fields in the graphic format. 


Frames When used as a From field, Frames is the number of 
frames sent from this station. The code is FFRAME. 


When used as a To field, Frames is the number of 
frames sent to this station. The code is TFRAME. 


When used as a Both field, Frames is the number of 
frames sent from and to this station. The code is 
BFRAME. 


Errors Whether Errors is used as a From or Both field, it is the 
number of soft error report frames sent from this 
station. This field does not exist as a To field. The 
codes are FER and BER for the From field and Both 
field, respectively. 


Bytes When used as a From field, Bytes is the number of 
bytes sent from this station. The code is FBYTE. 


When used as a To field, Bytes is the number of bytes 
sent to this station. The code is TBYTE. 


From, To, and Both Fields 


Avg Size 


First 


Last 


Elapsed 


When used as a Both field, Bytes is the number of 
bytes sent to and from this station. The code is BBYTE. 


When used as a From field, Avg Size is the average 
size of the frames sent from this station. The code is 
FAV. 


When used as a To field, Avg Size is the average size 
of the frames sent to this station. The code is TAV. 


When used as a Both field, Avg Size is the average size 
of the frames sent to and from this station. The code is 
BAV. 


When used as a From field, First is the time when this 
station first sent out traffic during the current 
monitoring session. The code is FFIRST. 


When used as a To field, First is the time when this 
station first received traffic during the current 
monitoring session. The code is TFIRST. 


When used as a Both field, First is the time when this 
station first received or sent traffic during the current 
monitoring session. The code is BFIRST. 


When used as a From field, Last is the time when this 
station made the most recent transmission. The code is 
FLAST. 


When used as a To field, Last is the time when the 
monitor detected the last frame containing this 
station’s address as the destination address. The code 
is TLAST. 


When used as a Both field, Last is the time when this 
station made the most recent transmission or when the 
monitor detected the last frame containing this 
station’s address as the destination address. The code 
is BLAST. 


When used as a From field, Elapsed is the length of 
time between the station’s first and last transmission 
in the current monitoring session. The code is 
FELAPSED. 


When used as a To field, Elapsed is the length of time 
between the monitor’s first and last detection of the 
station’s address as a destination address. The code is 
TELAPSED. 
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History 


When used as a Both field, Elapsed is the length of the 
time period between the station’s first and last 
network activity, which can be a transmission or 
reception. The code is BELAPSED. 


Displays the station’s history statistics in the same 
format as the statistics view generated by Station 
history on the monitor’s Main Menu. 


When used as a From field, the display includes the 
number of frames sent from this station. The code is 
FHISTORY. 


When used as a To field, the display includes the 
number of frames sent to this station. The code is 
THISTORY. 


When used as a Both field, the display includes the 
number of frames both sent to and from this station. 
The code is BHISTORY. 


This field has several options: 


Absolute means that all network usage percentages in 
the report are absolute; Relative means that all 
network usage percentages in the report are relative. 
The codes are ABS and REL for Absolute and 
Relative, respectively. 


Numeric displays the station history statistics in 
numbers. The code is NUMERIC. Graphic displays 
the statistics in a graph. You can choose the scale for 
the axis, which can be 0.4, 2, 10, 20, 50, or 100%. The 
code is GRAPHIC. 


In the report, the codes for the options are 
concatenated to form a single code. For example, if 
you select History as a To field, and Numeric and 
Absolute as the options, the code for the field is 
THISTORY NUMERIC ABS. 
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List of Codes 


List of Codes 


Both 


Errors 


This section lists all the codes alphabetically that can appear ina 
report script. They are arranged according to the fields under which 


they appear. 


Code 

BAV 
BBYTE 
BELAPSED 
BER 
BFIRST 
BFRAME 


BHISTORY GRAPHIC ABS 
BHISTORY GRPHIC REL 

BHISTORY NUMERIC ABS 
BHISTORY NUMERIC REL 


BLAST 
BPARTNER 
BUAB 

BURE 
BUSAGE ABS 
BUSAGE REL 


Code 
EOV 
EPU 
ESO 
ESTATE 


Report Field 

Avg Size 

Bytes 

Elapsed 

Errors 

First 

Frames 

History (Absolute, Graphic) 
History (Relative, Graphic) 
History (Absolute, Numeric) 
History (Relative, Numeric) 
Last 

Partner 

% Usage (Absolute, Numeric) 
% Usage (Relative, Numeric) 
% Usage (Absolute, Graphic) 
% Usage (Relative, Graphic) 


Report Field 
Oversize 
Purges 
SoftErrs 
State 
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From 
Code Report Field 
FAV Avg Size 
FBYTE Bytes 
FELAPSED Elapsed 
FER Errors 
FFIRST First 
FFRAME Frames 
FHISTORY GRAPHIC ABS History (Absolute, Graphic) 
FHISTORY GRPHIC REL History (Relative, Graphic) 
FHISTORY NUMERIC ABS __ History (Absolute, Numeric) 
FHISTORY NUMERIC REL _ History (Relative, Numeric) 
FLAST Last 
FPARTNER Partner 
FUAB % Usage (Absolute, Numeric) 
FURE % Usage (Relative, Numeric) 
FUSAGE ABS % Usage (Absolute, Graphic) 
FUSAGE REL % Usage (Relative, Graphic) 
Global 
Code Report Field 
GAV Avg Size 
GBYTE Bytes 
GCI Stations (Current Inserted Stns) 
GCURRENT TIME CurrTime 
GELAPSED Elapsed 
GFIRST First 
GFRAME Frames 
GFRAME SIZES FrmSizes 
GHISTORY GRAPHIC ABS _ History (Graphic) 
GHISTORY NUMERIC ABS __ History (Numeric) 
GLAST Last 
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List of Codes 


Station 


To 


GMI 

GMON ACTIVE 
GMON END 
GMON START 


GROUTE.LENGTHS 
GROUTE.PATHS 


GS 
GSAPS.BYTES 
GSAPS.FRAME 


GSERVER ADDR 


GUAB 
GUSAGE ABS 


Code 
SADDRESS 

is 

SHISTORY STN 
SNAME 

55 

SSTATUS 

ST 


Code 

TAV 
TBYTE 
TELAPSED 
TFIRST 
TFRAME 


THISTORY GRAPHIC ABS 
THISTORY GRPHIC REL 


Stations (Maximum Inserted Stns) 
Active 

End 

Start 

Routing (Lengths) 
Routing (Paths) 
Stations (Total Stations) 
SAPs (Bytes) 

SAPs (Frames) 
SrvrAddr 

% Usage (Numeric) 

% Usage (Graphic) 


Report Field 
Address 
CSV RET 
Hist Stn 
Name 

Sort Pos 
Status 


Text 


Report Field 

Avg Size 

Bytes 

Elapsed 

First 

Frames 

History (Absolute, Graphic) 
History (Relative, Graphic) 
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THISTORY NUMERIC ABS __ History (Absolute, Numeric) 
THISTORY NUMERIC REL History (Relative, Numeric) 


TLAST 
TPARTNER 
TUAB 

TURE 
TUSAGE ABS 
TUSAGE REL 


Last 

Partner 

% Usage (Absolute, Numeric) 
% Usage (Relative, Numeric) 

% Usage (Absolute, Graphic) 

% Usage (Relative, Graphic) 
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Network 
General 


Index 


A 


Absolute network usage 34 


Absolute usage 
—filter for reports 9-37 
Access control scheme 
—token ring network 7-7 
Acknowledging alarms 
—effects on the console 5-14 
—pressing F3 3-19 
Active monitor 
—as an inserted station 6-26, 9-9 
—definition 9-18 
—disconnecting from network 9- 
10 
—position in RINGORDR.SCR 6-8 
—-selecting 9-10 
—sending a Ring Purge MAC 
frame 9-11 
Active stations 
—definition 9-18, 9-35 
—displaying in statistical views 3- 
12 
Adding a blank line ina report script 
6-27 
Adding addresses to station data 
files 4-3 
Adding addresses to station list 2-12 


Adding headers in report scripts 6- 
27 


Adding protocols to STARTUP.TRT 
with EDLIN 3-18 


Address 
—adding to station data files 4-3 
—broadcast 84 
—filter for reports 9-37 
—group 9-19 
—source in a frame 9-22 
station 44, 8-3, 84 
Alarm buffer 3-19, 5-4, 5-14, 8-5 
Alarm log 
—on the console 5-4, 5-14, 5-15 
Alarm log option 3-20, 9-7 
Alarm Log view 9-8 
—displaying 3-19, 5-13, 5-14 
Alarm Log view (figure) 9-25 


Alarm option 4-9, 5-16 

Alarm processing (figure) 5-3 

Alarm threshold information 
—in Manage Station Information 

view 4-6 

Alarm thresholds 
—changing 4-9, 5-7 
—global 5-5, 9-30 
—in STARTUP.TRA 8-3 
—types 5-4, 9-30 

ALARM.LOG 5-17, 9-31 

Alarms 
—acknowledging 5-14 
—clearing 5-14, 9-25 
—clearing automatically 5-16 
—clearing manually 5-16 
—different ways of clearing 5-15 
—interpreting 5-7 
—logging 5-16 
—printing 5-16, 9-30, 9-31 
—-printing automatically 5-16 
—priority levels 54, 9-31 
—saving to disk 5-17, 9-30, 9-31 
—station thresholds 5-6 


—when monitoring one type of 
frame or station 2-11, 5-7 


—with unmodifiable thresholds 5— 
4, 5-13 
Alarms sent to the console (figure) 
5-5 
Align history 9-6 
Align history (figure) 9-6 
Align history option 9-6 
All frames option 2-12, 9-5 
All stations option 
—Display menu 9-7 
—Monitor filters menu 2-11, 3-4, 
9-5 
All Stations Statistics view 
—graphic (figure) 9-20 
—numeric (figure) 9-19 
Analyzer 
—menu structure 2-4 
—starting 2-17 
—use of STARTUP.TRD 2-12, 2-13 


—use of STARTUP.TRI 8-5 
—use of station data files 4-3 
—user interface 2-4 


AND operator 


—using with report filters 6-26, 6- 
28, 9-35 


Appending alarms to existing 
ALARM.LOG 5-17 


Applying default station thresholds 
—-pressing F2 5-12 


Ascending order 
—sorting statistics in reports 6-25 


Assigning a SAP value in STAR- 
TUP.TRT 8-5 


Assigning a value to an option 2-7 
Assigning default alarm settings 4-3 
Audible alarms on the console 5-14 
Auto clear option 5-15, 5-16, 9-30 
Auto print option 
—Report menu 9-38 
Automatic report generation 
—terminating 6-20 
Automatically clearing alarms 5-16 
Automatically printing alarms 5-16 


Average frame size 
—for each station 7-6 
—sorting station statistics by 3-12 


Average network usage in a moni- 
toring session 9-9 


Average size 
—filter for reports 9-36 


Average size of transmitted frames 
9-9 


Axis in a graphic statistical view 3-4 


B 


Background monitoring 
—meaning 2-16 
—stopping 2-17 
Backup copies 
—station data files 4-3, 4-10, 8-3 
BACKUP.TRA 4-3, 8-3 
BACKUP.TRD 4-3, 8-3 


Baseline for your network 
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—examining frame size distribu- 
tions 7-6 


—examining the transmit timer 7— 
7 


—gathering history statistics 7-3 
—generating station history report 


—protocol testing 7-5 
Beacon frames 5-13, 9-10 
Beaconing network 9-10 
Blank report script 6-22 
Bringing background monitoring to 

foreground 2-16 
Broadcast address 8-4 
Broadcast alarm 

—global 9-30 
Broadcast alarm threshold 5-6 
Broadcast frames 5-6, 9-22 
Busy token 7-7 
Bytes 

—filter for reports 9-36 


Cc 


Calculating average size of transmit- 
ted frames 9-9 


Capabilities of the monitor 1-3 
Carriage return symbol in Main 
Menu 2-5, 2-6 
Changing 
—a station name 9-41 
—alarm thresholds during a moni- 
toring session 4-9, 5-7 
—default station alarm thresholds 
5-11 
—global alarm thresholds 5-8, 5- 
10 
—global or station alarm thresh- 
olds by pressing F7 4-9 
—network speed 9-41 
—station alarm thresholds 4-8 
Character strings in CSV reports 6- 
17 
Characters available in report scripts 
—displaying by pressing F7 6-27 
Choosing a value for an option 2-7 
Class of traffic 3-3, 9-8 
—definition 34 
—in Station History views 3-22 
—setting for station history statis- 
tics 7-4 


Class option 3-4, 3-9, 3-24, 9-8 
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Clear alarm file option 5-17, 9-32 


Clear option 
—Report menu 9-37 


Clearing a report script 6-22 
Clearing alarms 3-19, 9-25 
—effects 5-14 
—pressing F4 3-19, 5-16 
Clearing alarms automatically 9-29 
Clearing alarms manually 5-16 


Clearing contents of the report edi- 
tor 9-37 


Clearing HISTORY.LOG 9-6 

Clock in a statistical view 3-5 
Codes in report scripts 6-22 

Colors used in graphic displays 3-9 
Commas 


—inserting to separate report 
fields 6-17 


Configuring the network's data buff- 
ers 3-15 


Connectivity problems 2-14, 7-5 
Console 
—-printing reports 6-18 
—receiving alarms from server 5-5 
Console's alarm log 5-4, 5-14, 5-15 
Console's audible alarms 5-14 


Console's Server Status display 5-4, 
5-14 


Creating a report script 6-22 
Creating backup data files 4-3 
Current network usage 9-10 


Current time 


—graphic Global Statistics view 9- 
12 


Cursor keys 2-5 


Cursor position in a report script 6- 
23 


D 


Data rate 
—monitor 1-3 


Default alarm thresholds 
—station 9-30 


Default option settings 2-3 


Default station alarm thresholds 
—changing 5-11 


Deferring alarms when alarm buffer 
is full 5-14 


Defining report filters 6-26 
Deleting a line in a report script 6-27 
Deleting alarms 3-19, 5-14 
Deleting broadcast address 8-4 
Deleting stations 4-9 
Delimited format 

—reports 6-16 
Delimited format option 9-7, 9-35 
Delimited report format 6—21, 8-5, 

9-7 

Descending order 

—sorting statistics in reports 6-25 


Deviations from normal traffic pat- 
terns 7-3 


Disconnecting monitor station from 
network 9-10 
Display 
—freezing 3-5 
Display option 9-7 
Display options 
—numeric vs. graphic 3-4 
Displaying 
—a — by pressing F9 6-18, 6- 


—alarm log 5-13, 9-25 
—Alarm Log view 5-14 


—duration of a monitoring session 
3-6 


—frame sizes 9-20 

—global history 9-26 

—global statistics 3-8, 9-8 

—Help menu by pressing F1 2-10 
—history statistics for a station 7-4 


—Manage Station Information 
view 4-6, 9-40 


—network speed 2-11, 9-41 
—options by pressing F6 2-9 
—Report Script Editor view 9-33 
—routing information 9-21, 9-23 


—server's Main Selection Menu 9— 
42 


—sorted statistics for all stations 9— 
16 


—station history statistics 3-22, 3- 
24, 9-27 

—station statistics 3-8, 9-13 

—statistics by pressing F3 2-9, 3-3 

—statistics for all stations 3-11 

—the station list 2-11, 2-12 


Distribution of bytes by protocol 
types (figure) 3-18 


Duration of a monitoring session 3-6 


E 
Edit option 
—Alarm menu 4-3, 5-12, 9-29 
—Manage station menu 4-3 
—Report menu 9-33 
Editing 
—report scripts 6-21, 6-22, 9-39 
—station information 4-5 
Editing a station name 9-41 
Editing report scripts 
—using function keys 9-39 
Editing station information 9-41 
EDLIN 


—for adding protocols to STAR- 
TUP.TRT 3-18 


Effects of clearing alarms 5-14 
Elapsed activity 

—filter for reports 9-37 

—sorting station statistics by 3-12 


Embedded commas in report fields 
6-16 


End key 


—viewing the last screen of statisti- 
cal view 3-6 


Entering text in a report script 6-23 


Entering the @ symbol in a report 
script 6-23 


Erasing contents of report editor 9- 
37 


Erasing history statistics 3-20 
Erasing station history statistics 3-22 


Error counts 
—numeric Global Statistics view 
3-6, 9-10 
Error frames 
—sorting station history statistics 
by 7-4 
Error messages A-3 to A—7 
Errors 
—filter for reports 9-36 
Errors alarm 
—global 9-30 
—station 9-30 
Errors alarm threshold 5-6 
—station alarm 9-41 
ERRORS report 


—determining station errors 
threshold 5-9 


Errors report frames 3-8 
Errors report script 6-4, 9-32 
ERRORS.SCR 6-4, 9-32 


Esc 
—returning to previous screen 2— 
10 
Ethertype format 9-24 
Exceeding the alarm buffer's capaci- 
t 
tanta of 5-14 
Exit option 2-16, 9-42 
Exit to DOS 4-10 
as the monitor user interface 9- 


Exporting report files 6-16 


F 
Fl 

—displaying Help menu 2-9, 2-10 
F10 


—starting or stopping a monitor- 
ing session 2-9, 2-13 


—stopping a monitoring session 2— 


F2 
—applying default station thresh- 
olds 5-12 
F3 
—acknowledging alarms 3-19 
—displaying statistics 2-9, 3-3 
F4 
—clearing alarms 3-19, 5-16 
F5 
—returning to Main Menu 2-9 
F6 
—displaying options 2-9 
—resetting station alarm thresh- 
olds 4-9 
F7 


—changing global or station alarm 
thresholds 4-9 


—displaying available characters 
in report scripts 6-27 


—scaling up the axis in a graphic 
display 3-4 
F8 


—scaling down the axis in a graph- 
ic display 3-4 


Index 


F9 
—displaying a report 6-18, 6-27 
—freezing screen display 3-5 
—redisplaying after freezing the 
screen 3-5 
File option 
—Alarm\Log to menu 5-17, 8-5 
File transfer between server and con- 
sole 2-16 
Filenames 
—report scripts 6-29 
—reports 6-21 


—reports generated automatically 
6-20 


—reports generated manually or 
automatically 8-6 


—reports saved to disk 6-21 
Filters 

—examples 6-29 

—for defining a report script 9-35 

—specifying using the AND opera- 

tor 6-28 

First activity 

—filter for reports 9-36 

—sorting station statistics by 3-12 
First network activity 3-6 
Format of statistical display 3-3 
Fragments 

—in Frame Sizes view 9-20 


Frame size option 7-6 
Frame size report script 6-5, 9-32 


Frame sizes 
—displaying 9-8 
Frame sizes option 3-16, 9-7 
Frame Sizes view 9-20 
—for a 4 Mbps network (figure) 9- 
21 
Frames 
—Beacon 5-13, 9-10 
—broadcast 5-6, 9-22 
—displaying the sizes 3-15 
—filter for reports 9-36 
—Logical Link Control (LLC) 2-11, 
2-12, 9-5, 9-24 
—Medium Access Control (MAC) 
2-11, 2-12, 9-5 
—non-source-routed 9-23 
—oversized 5-13, 9-11 
—report script for size distribution 
6-5 
—Ring Poll Failure 5-13 
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—Ring Purge 9-10 

—Ring Purge MAC 9-11 
—routed or non-routed 9-22 
—size distribution 7-6 
—sizes 3-15, 7-4 


—soft error report 3-6, 3-8, 5-6, 9- 
11 


—test 9-4 
—Trace Tool Present 9-18 
—types to be monitored 9-5 
Frames destined for a group address 
9-22 
FRAMSIZE.SCR 6-5, 7-6, 9-32 
Free token 7-7, 9-11 
Freezing a screen display 
—-pressing F9 3-5 
Function keys 2-9, 3-6 


—for editing report scripts 9-33, 9- 
oo 


—for editing station information 
9-41 


G 


Generating reports 6-17 
Global alarm thresholds 5-5, 9-30 
—types 5-6 
Global alarms 
—broadcast 5-14 
—errors 5-14 
—idle 5-15 
—-priority level 54, 5-6 
—unknown station 5-15 
—usage 5-14 
Global broadcast alarm 9-30 
Global errors alarm 9-30 
Global history option 3-22, 7-3, 9-7 
Global history statistics 
—displaying 3-20, 3-22 
Global History Statistics view 7-3 
—graphic 3-21 
—graphic (figure) 9-27 
—numeric 3-20 
—numeric (figure) 9-26 
Global idle alarm 9-30 
Global statistics option 9-7 
Global Statistics view 3-6 
—displaying 3-8 
—graphic 9-11 
—graphic (figure) 9-12 
—numeric 9-8 to 9-11 
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—numeric (figure) 9-9 
Global usage alarm 9-30 


Graphic All Stations Statistics view 
9-19 


Graphic Global History Statistics 
view 9-27 


Graphic option 3-8, 9-8, 9-13, 9-17, 
9-26 


Graphic Single Station view 9-15 
Group address 9-19 
Group stations 6-8, 9-17 


H 


Header text in a printed report 6-18 


Help menu 
—pressing F1 2-9 


Highest number of inserted stations 
—in Global Statistics view 9-9 


Highlighted options in the Main 
Menu 2-5 


Highlighting a menu option 2-5 
Highlighting an alarm 3-19 
History intervals 7-3, 9-5, 9-27 
—aligning 9-6 
—aligning (figure) 9-6 


—changing during a monitoring 
session 3-20, 3-22 

History option 9-5 
History report 

—for a station 7-4 
History report script 6-6, 9-32 
History statistics 

—defining 2-12 

—erasing 3-20 

—for a particular station 7-4 

—global 3-20 


HISTORY.CSV 8-5, 9-7 
HISTORY.LOG 7-3, 8-5, 9-6, 9-7 
HISTORY.SCR 6-6, 9-32 


Home key 


—viewing the first screen of statis- 
tical view 3-6 


I 
IBM LAN Manager 1-4, 2-13, 9-10 
Identifying stations 44 


Idle alarm 
—global 9-30 
—station 9-31 


Idle alarm threshold 
—global 5-6 
—station 5-7 


Idle network 5-6 


Idle threshold 
—-station alarm 9-41 


IEEE 802.2 option 9-4 
IEEE 802.2 protocol 7-5, 9-4 
IEEE 802.5-compatible network 1-4 
Inactive stations 6-8, 9-17, 9-19 
Inoperable network 9-10 
Inserted stations 3-12 
—definition 6-26, 9-18, 9-35 
—displaying the number of 9-9 
Inserting a report field 6-22 
Interacting with the monitor 2-4 


Interrupting the automatic naming 
process 4-5 


Intervals 
—history 9-27 
—to which global thresholds apply 
5-5 


Intrv] option 9-5 
IPX protocol 1-4, 7-5, 9-4 


K 
Keys 
—for scrolling displays 3-6 


L. 


LAN Manager 
—IBM 9-10 


Last activity 

—filter for reports 9-36 

—sorting station statistics by 3-12 
Last network activity 3-6 
Length 

—routing 3-16, 9-23 
Length Bits in a frame 9-23 
Length of a monitoring session 3-6 
Length of a station name 4-7 
Limitations of background monitor- 

ing 2-16 

Limiting stations in a report 6-26 
Line error 9-11 
List of report fields 6-22 
List of report scripts 4-6 
Listeners report script 6-7, 9-32 


Index 


LISTENRS.SCR 6-7, 9-32 

LLC frames option 2-12, 9-5 

Load option 6-17, 9-32 

Loading a report script 4-6, 6-17 

Loading the monitor application 
program 2-4 

Loading the monitor driver into 
memory 2-4, 2-17 

Local token ring network 9-21 

Log to disk option 9-6 

Log to option 

—using with Auto clear 5-15 

Logging alarms to disk 5-16, 5-17, 
9-31 

Logging history statistics to disk 9-6 

Logical Link Control (LLC) frames 
2-11, 2-12, 9-5, 9-24 

Losing unnamed addresses 2-15 

Lost frame error 9-11 

Lost token 9-11 

LPT1 5-16, 6-18, 6-19 

LPT2 5-16, 6-18, 6-19 


M 

MAC frames option 2-12, 9-5 

MAC option 9-4 

MAC protocol 7-5, 9-4 

Main Menu 
—carriage return symbol 2-5 
—highlighted options 2-5 
—monitor 2-3 
—monitor (figure) 2-4 
—panels 2-5 
—pressing Enter 2-5 

Main Selection Menu 2-17 
—Sniffer server 9-42 

Manage Station Information view 9- 

40 

—alarm threshold information 4-6 
—displaying 4-3, 4-6 
—modifying STARTUP.TRA 8-4 
—modifying STARTUP.TRD 84 
—order of stations 4-7 
—unnamed addresses in 4-5 
—usage of function keys 9-41 

Manage Station Information view 

(figure) 44, 9-40 

Manage Stations Information view 

—modifying STARTUP.TRD 84 


Manage stations option 4-5, 4-6, 4-9 
Manually naming stations 4-5 
Manufacturer's code 
—in station addresses 8-4 
Maximum frame size 9-11 
Maximum number of entries in 
STARTUP.TRI 8-5 


Maximum number of entries in 
STARTUP.TRT 3-18 


Maximum number of SAP entries in 
STARTUP.TRT 8-5 


Maximum number of SAP labels in 
STARTUP.TRT 8-5 
Measuring transmit wait time 7-7 
—number of frames transmitted 9— 
4 


Medium Access Control (MAC) 
frames 2-11, 2-12, 5-7, 9-5 


MENU command 4-10 
Menu items 9-3 
Menu options 
—for specifying values 2-6 
—highlighting 2-5 
Menu structure 
—choosing options 2-6 
—monitor 2-5 
—moving through 2-5 
Menus 
—monitor 24 
Minimum configuration for the 
monitor 2-3 
Modifying station data files 
—in Manage Station Information 
view 4-3 
Modifying values in menus 2-6 


Monitor 

—alarm buffer 8-5 

—application program 2-4 

—assigning default alarm settings 
to stations 4-3 

—backup copies of data files 4-3 

—capabilities of 1-3 

—data rate 1-3 

—default option settings 2-3 

—driver 2-4 

—interacting with 24 

—lost frames 1-3 

—Main Menu 2-3 

—Main Menu (figure) 2-4 

—menu items 9-3 


—menu structure 2-5 
—minimum configuration 2-3 
—network speed 9-41 
—on-line help 2-10 
—processing alarms (figure) 5-3 
—starting 24 
—system requirements 1-4 
—typical application 1-3 
—unloading driver from memory 
2-15 

—use of function keys 2-9 
—user interface 2-4 

Monitor contention on a token ring 

network 9-10 

Monitor driver 
—loading into memory 2-4, 2-17 
—unloading from memory 2-15, 

2-17, 4-4 
Monitor filters option 2-11, 2-12, 2- 
13, 5-7, 9-5 
Monitor menus 2-4 
Monitor Services Menu 2-16 


Monitor station 


—disconnecting from network 9- 
10 


Monitoring 
—restricting 2-11 
Monitoring a single station 5-7 
Monitoring session 
—average network usage 9-9 
—background 2-16 
—duration 3-6 
—number of stations 9-9 
—starting 2-11, 2-13 
—stopping 2-15 
Moving through menus 2-5 
Moving within Help menu 2-10 


Moving within the Manage Station 
Information view 4-6 


Multiple files 


—printing reports automatically 
6-19 


Multiple SAP values in STARTUP.- 
TRT 8-5 


Mutually exclusive options 2-6 


N 


Name 
—filter for reports 9-36 


Name for the broadcast address 8-4 
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Named addresses 4-3 
Naming stations 2-15, 4-4 
—automatically 4-5, 9-40 


—in Manage Station Information 
view 4-6 


—manually 4-5 
Naming stations automatically 
—interrupting 4-5 
NetBEUI protocol 14 
NetBIOS 
—name in report scripts 6-22 
—protocol 7-5, 9-4 


—remote status request command 
9-4, 9-40 


NetBIOS option 9-4 
NetBIOS station test 7-5 
NetBIOS test frame 9-4 
NetWare option 9-4 
NetWare protocol 1+4, 7-5, 9-4 
Network 
—inoperable 9-10 
Network Adapter Status screen 7-5, 
9-4 
Network capacity 
—for measuring network usage 3- 
5 
Network interface card 
—setting network speed 2-11, 9-41 
Network programs 
—effects on frame size distribu- 
tions 7-6 
Network speed 1-4, 2-11, 9-41 
Network traffic 


—for measuring network usage 3- 
5 


—network programs' effects on 7— 


Network traffic patterns 


—during different times of year 7— 
3 


—typical 7-3 
Network type 14 
Network usage 3-3, 3-4, 5-6 
—current 9-10 
—definition 3-5 
—sorting station statistics by 3-12 


—configuring 3-15 
Network's normal traffic patterns 7— 
3 
No response alarm 9-31 
No response alarm threshold 5-6, 9- 
41 
Non-routed frames 9-22 
Non-source-routed frames 9-23 
Non-transmitting stations 9-22 
Normal file format 
—definition 6-16 
Normal network operation 
—indicated in Global Statistics 
view 9-10 
Normal traffic patterns 
—getting familiar with 7-3 
Number of bytes 
—sorting station statistics by 3-12 
Number of frames 
—-sorting station statistics by 3-12 
Number of frames transmitted 
—measuring transmit wait time 9- 
4 
Number of history intervals 9-5 


Number of lines in a printed report 
6-18 
Number of soft errors 
—sorting station statistics by 3-12 
Number of stations 
—displayed in a graphic All Sta- 
tions Statistics view 9-19 
Numeric Global History Statistics 
view (figure) 3-21 
Numeric Global Statistics view (fig- 
ure) 3-7 
Numeric option 3-8, 9-8, 9-13, 9-16, 
9-26 
Numeric Single Station view 3-8 
Numeric view 
—all stations statistics 9-18 


—Global History Statistics 3-20, 9- 
26 


—Global Statistics 3-6 
—single station 3-8, 9-13 to 9-15 
—Station History Statistics 9-28 


—Alarm log 3-20, 9-7 

—Align history 9-6 

—All frames 2-12, 9-5 

—All stations 3-6 
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